CNNVD-202601-1907 Information

CNNVD ID

CNNVD-202601-1907

Related CVE

CVE-2022-50939

• CNNVD Published: 2026-01-13

Description (Chinese)

e107是E107团队的一套开源、免费且基于PHP和MySQL的内容管理系统（CMS）。该系统支持多种插件和外观主题，可作为个人博客、讨论社区、档案资料库等。 e107 3.2.1版本存在代码问题漏洞，该漏洞源于文件上传功能存在路径遍历，可能导致经过身份验证的管理员覆盖任意服务器文件。

Description (English)

e107 is an open-source, free and PHP-based content management system (CMS) for the E107 team. The system supports various plugins and visual themes that can be used as personal blogs, community discussions, archives, etc. e107 3.2.1 has a code problem loophole, which stems from the fact that the file upload function has a routing history, which may result in any server file being covered by an authentication administrator.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

E107

Published

2026-01-13

Last Modified

2026-02-24

References

https://e107.org/download https://www.exploit-db.com/exploits/50910 https://www.vulncheck.com/advisories/e-cms-upload-restriction-bypass-with-path-traversal-file-override https://access.redhat.com/security/cve/cve-2022-50939