e107

This release of e107 includes the fixes for the e_parse issues introduced with the last release (sorry about that). It also includes a fix for a small security issue.

More information here.

Download link here.

Release date: May 27, 2010

An urgent security release of e107 has been made available. This is a mandatory update for those running the popular content management system. A full changelog identifying the fixes can be found here.

Please ensure you upgrade immediately. You can do so by downloading the latest version here.

The e107 “click_url” SQL Injection Vulnerability can be exploited by malicious users to conduct SQL injection attacks.

Input passed via the “click_url” parameter to e107_admin/banner.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires access to the administrative banner section. The vulnerability is confirmed in version 0.7.20. Other versions may also be affected.

Secunia Research has discovered two vulnerabilities in e107, which can be exploited by malicious users to conduct script insertion attacks or to compromise a vulnerable system.

1) An error exists in the handling of file uploads for avatar or photograph images. This can be exploited to upload and execute arbitrary PHP code via a specially crafted image file with an ".php.filetypesphp" extension.

A step by step tutorial to getting your e107 website up and running fast

  • Get your e107 website up fast
  • Simple and practical guide to mastering e107
  • Customize and extend your e107 site with new templates and the CMS plug-in

 

The e107 Debugger Addon for Firefox is now compatible with Firefox v3.6.

More info can be found about it here.

e107 released 0.7.20 as a security update to fix two potential security issues in e107.

The exact details of the security issues were not released by e107.org, but one involves being able to upload a malicious file. It requires an odd set of preferences and a missing file to allow it to happen, though, so the threat is pretty low according to e107.org.

e107 is a content management system written in PHP and using the popular open source MySQL database system for content storage. It's completely free, totally customizable and in constant development.

e107 is extremely easy to install and configure, and its control panel is one of the easiest CMS control panels.

Type: CMS/Portal
Year project started: 2002
Latest release: 0.7.22 - May 27, 2010
License: GPL
Available modules and features: Blog, Contact form, Forum, File manager, Poll, RSS, Search form, Shoutbox, User registration, WYSIWYG, ...
PHP version required: 4.x or greater
Database compatibility: MySQL
Native language: English
Translated to: Many (view the CMS website for complete list)
Multilanguage support: Yes
