Local File Access Vulnerability in e107 CMS by e107 Inc.
CVE-2026-43936

4.3MEDIUM

Key Information:

Vendor

E107inc

Status
E107
Vendor
CVE Published:
26 May 2026

What is CVE-2026-43936?

A vulnerability exists in e107 CMS versions prior to 2.3.4 that allows unauthorized access to local environment files. By manipulating the 'Image/File URL' field in the Media Manager on the administrator screen, an attacker could exploit this weakness to gain unauthorized access to sensitive files or data. This issue has been addressed in version 2.3.4, emphasizing the necessity for users to update to the latest version to ensure their systems are secure.

Affected Version(s)

e107 < 2.3.4

References

https://github.com/e107inc/e107/security/advisories/GHSA-...
x_refsource_CONFIRM
https://github.com/e107inc/e107/commit/40b2d111
x_refsource_MISC
https://github.com/e107inc/e107/commit/5f98cc9f
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.