CVE-2022-50939
Path Traversal in e107 CMS 3.2.1 Allows Critical File Overwrite
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| e107 | e107 | 3.2.1 |
| e107 | e107 | 2.3.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50939 is a critical vulnerability in e107 CMS version 3.2.1 that affects the Media Manager's remote URL upload functionality in the admin interface (image.php). The issue is caused by improper sanitization of the upload_caption parameter, which allows authenticated administrators to perform path traversal attacks by including directory traversal sequences (e.g., ../../../). This enables them to overwrite arbitrary server files outside the intended upload directory, such as configuration files or executable scripts, potentially leading to complete compromise of the web application. [2]
How can this vulnerability impact me? :
This vulnerability can allow an authenticated administrator to overwrite critical server files by exploiting path traversal in the upload_caption parameter. This can lead to complete compromise of the web application, including overwriting configuration files, executable scripts, or other critical system components. As a result, an attacker could execute arbitrary code, disrupt service, or gain full control over the affected server. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for unauthorized or suspicious file uploads using directory traversal sequences in the upload_caption parameter of the Media Manager's remote URL upload functionality (image.php). One approach is to monitor HTTP POST requests to the image.php endpoint for parameters containing patterns like '../../../'. Additionally, inspecting server directories for unexpected or recently modified files outside the intended upload directory can help identify exploitation attempts. For example, using web server logs, you can grep for traversal sequences in upload_caption: `grep -r "upload_caption=.*\.\.\/\.\.\/" /var/log/apache2/access.log`. Also, scanning for unexpected PHP files in parent directories of the upload folder can indicate compromise. However, no specific detection commands are provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting administrative access to trusted users only, as exploitation requires authenticated administrator privileges. Applying input validation and sanitization on the upload_caption parameter to prevent directory traversal sequences is critical. If a patch or updated version of e107 CMS addressing this vulnerability is available, promptly apply it. Additionally, monitoring and restricting file upload types and locations can reduce risk. As a temporary measure, disabling the remote URL upload functionality in the Media Manager or restricting write permissions on directories outside the intended upload folder can help prevent exploitation. [2]