CVE-2026-43936

Name of the Vulnerable Software and Affected Versions e107 versions prior to 2.3.4

Description e107 is a content management system (CMS) that contains a Server-Side Request Forgery (SSRF) in the remote file fetcher. This issue allows access to the local environment by specifying a local environment URL within the "Image/File URL:" field of the "From a remote location" option in the "Media Manager" on the administrator screen. SSRF is a flaw that allows an attacker to induce the server-side application to make requests to an unintended location.

Recommendations Update to version 2.3.4.