CVE-2026-43935

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions e107 versions prior to 2.3.4

Description e107 is a content management system (CMS). A Host Header Injection in the password reset page allows attackers to manipulate the Host header to generate password reset links that point to domains controlled by the attacker. This can lead to account takeover or phishing attacks.

Recommendations Update to version 2.3.4.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-807

Related Identifiers

CVE-2026-43935

Affected Products

E107

CVE-2026-43935

Weakness Enumeration

Related Identifiers

Affected Products

References · 6