infosec4breakfast

e107 Vulnerability

Hey all :) looks like I have found a fairly critical vulnerability in e107 v1.01, I won’t be posting any details of my findings until the vendor release process is over and done with, but I haven’t been this excited about something like this in a while. I will keep you updated! As for now, I will continue to look into a number of their processes since they seem fairly interesting.

Update: The vulnerability has been patched in a recent revision, however, the vendor has asked me to hang tight since they are addressing other issues currently. I have a few other issues that I am pursuing so I’ll be posting these soon enough as well.

-Josh