|
Description
|
|
Two vulnerabilities have been identified in e107, which could be exploited by malicious users to gain knowledge of sensitive information or compromise a vulnerable system.
The first issue is caused by an error when handling file uploads for avatar or photograph images, which could allow authenticated users to upload PHP scripts and execute arbitrary code on certain web servers.
The second vulnerability is caused by an input validation error in the "e107_plugins/content/content_manager.php" script when processing the "content_heading" parameter, which could be exploited by malicious users to conduct cross site scripting attacks.
|
