CVE-2026-43936

Description

e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

e107inc / e107< 2.3.4 – < 2.3.4

References

VENDOR_ADVISORYhttps://github.com/e107inc/e107/security/advisories/GHSA-92fr-7h4f-22pp
PATCHhttps://github.com/e107inc/e107/commit/40b2d111
PATCHhttps://github.com/e107inc/e107/commit/5f98cc9f