CVE-2022-50916
Authenticated File Upload Vulnerability in e107 CMS 3.2.1 Allows File Overwrite
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| e107 | e107 | 3.2.1 |
| e107 | e107 | 2.3.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50916 is a file upload vulnerability in e107 CMS version 3.2.1 that allows authenticated administrators to bypass upload restrictions and overwrite existing server files through the Media Manager import functionality. Attackers can manipulate the upload URL parameter to replace critical files like top.php in the web application directory, potentially enabling unauthorized code execution or site compromise. [1]
How can this vulnerability impact me? :
This vulnerability can lead to severe impacts including unauthorized code execution, full server compromise, and site takeover. By overwriting critical files such as top.php, attackers can execute arbitrary code on the server, potentially gaining control over the web application and its data. [1]