File Upload Vulnerability in e107 CMS by e107
CVE-2022-50907

8.6HIGH

Key Information:

Vendor: E107
Status: E107 Cms
Vendor: CVE Published:; 13 January 2026

Badges

👾 Exploit Exists

What is CVE-2022-50907?

The e107 CMS version 3.2.1 features a critical file upload vulnerability that permits authenticated administrative users to bypass security measures designed to restrict uploads. This issue arises from manipulating the upload URL parameter, which can lead to the execution of arbitrary PHP files on the server. By exploiting this flaw, attackers can utilize the Media Manager import feature to upload malicious files to parent directories, potentially enabling remote code execution.

Affected Version(s)

e107 CMS 3.2.1

References

https://www.exploit-db.com/exploits/50910

exploit

https://e107.org/

product

https://e107.org/download

product

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 13, 2026
👾
Exploit known to exist
Jan 13, 2026
Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Jan 11, 2026

Credit

Hubert Wojciechowski

CVE-2022-50907 Data

JSON

E107

Badges

What is CVE-2022-50907?

Affected Version(s)

References

CVSS V4

Timeline

Credit