Browse all 7 CVE security advisories affecting e107. AI-powered Chinese analysis, POCs, and references for each vulnerability.
e107 is an open-source content management system designed for building websites and online communities. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with six CVEs currently documented. The platform's modular architecture and extensive plugin ecosystem have introduced security challenges, often stemming from insufficient input validation and access controls. While no major public security incidents have been widely reported, the consistent presence of vulnerabilities in older versions highlights the importance of regular updates and proper hardening for production deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-47937 | e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload — e107 CMSCWE-434 | 8.8 | High | 2026-05-10 |
| CVE-2022-50939 | e107 CMS v3.2.1 - Upload Restriction Bypass with Path Traversal File Override — e107 CMSCWE-22 | 7.2 | High | 2026-01-13 |
| CVE-2022-50916 | e107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file override — e107 CMSCWE-434 | 7.2 | High | 2026-01-13 |
| CVE-2022-50907 | e107 CMS v3.2.1 - Admin Upload Restriction Bypass + RCE — e107 CMSCWE-434 | 7.2 | High | 2026-01-13 |
| CVE-2022-50906 | e107 CMS v3.2.1 - Admin Upload Restriction Bypass + Stored XSS — e107 CMSCWE-79 | 4.8 | Medium | 2026-01-13 |
| CVE-2022-50905 | e107 CMS v3.2.1 - Reflected XSS via Comment Flow — e107 CMSCWE-79 | 9.8 | Critical | 2026-01-13 |
| CVE-2025-11941 | e107 CMS Avatar image.php path traversal — CMSCWE-22 | 5.4 | Medium | 2025-10-19 |
This page lists every published CVE security advisory associated with e107. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.