CVE-2026-43934

Name of the Vulnerable Software and Affected Versions e107 versions prior to 2.3.4

Description e107 is a content management system (CMS) containing a broken access control issue. An authenticated user can edit comments posted by other users due to inadequate server-side access control validation. The application relies solely on a predictable identifier in the request to determine the comment to be edited, failing to verify if the requesting user owns the comment.

Recommendations Update to version 2.3.4.