Cameron

5 exploits Active since Apr 2017
CVE-2022-27913 NOMISEC MEDIUM SCANNER
Joomla! 4.2.0-4.2.3 - Reflected Cross-Site Scripting in Various Components
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
1 stars
CVSS 6.1
CVE-2021-27885 WRITEUP HIGH WRITEUP
e107 < 2.3.0 - Cross-Site Request Forgery via usersettings.php
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
CVSS 8.8
CVE-2017-8098 WRITEUP MEDIUM WRITEUP
e107 2.1.4 - Cross-Site Request Forgery in Plugin Installation
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
CVSS 6.5
CVE-2018-16388 WRITEUP HIGH WRITEUP
e107 2.1.8 - Unauthenticated Arbitrary PHP File Upload via plupload
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
CVSS 7.2
CVE-2018-16389 WRITEUP MEDIUM WRITEUP
e107 2.1.8 - SQL Injection via banlist.php old_ip Parameter
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
CVSS 6.5