CVE-2010-2099

EXPLOITED

e107 < 0.7.20 - Remote PHP Code Execution via BBCode Tag in Contact Form

Title source: llm

Exploitation Summary

CVE-2010-2099 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including McFly.

AI-analyzed exploit summary: This Perl script exploits a PHP code injection vulnerability in e107's contact form by injecting a PHP payload via the 'author_name' parameter. The payload executes the 'id' command, demonstrating remote code execution (RCE).

Description

bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by McFly · perl · webapps · multiple
https://www.exploit-db.com/exploits/12715

Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: e107 <= 0.7.20
No auth needed
Prerequisites: Target must have e107 <= 0.7.20 installed · Contact form must be accessible
devstral-2 · analyzed Feb 16, 2026

References (2)

Scores

EPSS 0.0084
EPSS Percentile 75.2%

Details

VulnCheck KEV 2010-08-19
CWE
CWE-264
Status published
Products (49)
e107/e107 0.6_10
e107/e107 0.6_11
e107/e107 0.6_12
e107/e107 0.6_13
e107/e107 0.6_14
e107/e107 0.6_15
e107/e107 0.6_15a
e107/e107 0.7
e107/e107 0.7.0
e107/e107 0.7.1
... and 39 more
Published May 27, 2010
Tracked Since Feb 18, 2026