exploitDog

CVE-2022-50907

Опубликовано: 13 янв. 2026

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution through the Media Manager import feature.

Ссылки

https://e107.org/
Product
https://e107.org/download
Product
https://www.exploit-db.com/exploits/50910
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/e-cms-admin-upload-restriction-bypass-rce
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:e107:e107:3.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00299

Низкий

7.2 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-x4hc-6gqq-2chh

CVSS3: 8.8

github

25 дней назад

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution through the Media Manager import feature.

EPSS

Процентиль: 53%

0.00299

Низкий

7.2 High

CVSS3

Дефекты

CWE-434