PT-2026-39512 · E107 Cms · E107 Cms
Halit Akaydin
·
Published
2026-05-10
·
Updated
2026-05-10
·
CVE-2021-47937
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
e107 CMS version 2.3.0
Description
Authenticated users with theme installation permissions can execute arbitrary commands by uploading malicious theme files. An attacker can upload a crafted theme package through the 'theme.php' endpoint to deploy a web shell in the
e107 themes directory and subsequently execute system commands using the payload.php script.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
E107 Cms