All 4 CVE vulnerabilities found in e107, with AI-generated Chinese analysis, references, and POCs.
Vendor: e107inc
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-46620 | e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check() | CWE-285 | 6.5 | Medium | 2026-05-26 |
| CVE-2026-43935 | e107: Host Header Injection in e107 password reset enables phishing | CWE-20 | 8.1 | High | 2026-05-26 |
| CVE-2026-43934 | e107: Broken Access Control in e107 comment edit allows cross-user comment modification | CWE-284 | 6.5 | Medium | 2026-05-26 |
| CVE-2026-43936 | e107: Server-Side Request Forgery (SSRF) in the remote file fetcher | CWE-918 | 4.3 | Medium | 2026-05-26 |