Description

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to overwrite server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php in the web application directory.

PUBLISHED Reserved 2026-01-11 | Published 2026-01-13 | Updated 2026-01-16 | Assigner VulnCheck




HIGH: 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

Unrestricted Upload of File with Dangerous Type

Product status

3.2.1: affected

Credits

Hubert Wojciechowski (finder)

References

www.exploit-db.com/exploits/50910 (ExploitDB-50910) exploit

e107.org/ (Official Vendor Homepage) product

e107.org/download (Software Download Page) product

www.vulncheck.com/...uthenticated-admin-server-file-override (VulnCheck Advisory: e107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file override) third-party-advisory

cve.org (CVE-2022-50916)

nvd.nist.gov (CVE-2022-50916)