PT-2026-2392 · E107 Cms · E107 Cms
Hubert Wojciechowski
·
Published
2026-01-13
·
Updated
2026-01-15
·
CVE-2022-50916
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
e107 CMS version 3.2.1
Description
The application contains a file upload issue that allows administrators with authentication to overwrite server files using the Media Manager import functionality. Specifically, attackers can manipulate the upload URL parameter to overwrite files such as
top.php within the web application directory.Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the Media Manager import functionality.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
E107 Cms