Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS Vector (GitHub Advisory)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Description (GitHub Advisory)
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4.
Analysis (AI)
Host Header Injection in e107 CMS versions prior to 2.3.4 allows remote attackers to poison password reset emails by manipulating the HTTP Host header, producing reset links that point to attacker-controlled domains. Successful exploitation enables credential harvesting and full account takeover, including administrator accounts, when a victim clicks the malicious reset link. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires (1) the target e107 instance to be running a version prior to 2.3.4 with the password reset (fpw.php) endpoint reachable, (2) the attacker to know or guess a valid victim email - ideally a privileged account - registered on the site, and (3) the victim to click the poisoned link in the resulting reset email (CVSS UI:R). … |
| Risk Assessment | The CVSS 3.1 score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) reflects an unauthenticated network attack that requires user interaction: the victim must click the poisoned reset link in their inbox, which is realistic for phishing-style abuse. … |
| Exploit Scenario | An attacker sends a password reset request for a known administrator's email address to the e107 site but sets the HTTP Host header to attacker.example. The application generates a reset email containing a link such as https://attacker.example/fpw.php?<token>; when the administrator clicks it, the valid reset token is delivered to the attacker's server, which replays it against the legitimate site to seize the admin account. … |
| Remediation | Vendor-released patch: upgrade e107 to version 2.3.4 or later, which sources the reset link host from the administrator-configured 'siteurl' preference rather than the request Host header and blocks the reset flow when that preference is empty (see GHSA-7pmw-jwvr-cq2x and commits 04511f9, b0dee82, c4f9f71 in the e107inc/e107 repository). … |
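The fix pattern described under Remediation, shown as an added illustration rather than e107's own code: the vulnerable helper derives the reset link host from the request's Host header, while the hardened helper uses only the stored site URL preference and refuses to build a link when that preference is empty or malformed. The function names, the `$prefs` array and the sample values are assumptions constructed for this example.

```php
<?php
// Added illustration (not e107's own code) of the Host Header Injection
// fix pattern: trust only the configured site URL, never the request Host.
// Function names, the $prefs array and sample values are assumptions.

declare(strict_types=1);

// Vulnerable pattern: the link host is taken from the client-controlled
// Host header, so a forged header produces a reset link to a foreign domain.
function buildResetLinkFromHost(array $server, string $token): string
{
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    return $scheme . '://' . $server['HTTP_HOST'] . '/fpw.php?' . rawurlencode($token);
}

// Hardened pattern: the link host comes only from the stored 'siteurl'
// preference; the request is ignored, and an empty or malformed preference
// aborts the reset flow instead of falling back to the Host header.
function buildResetLinkFromSiteurl(array $prefs, string $token): ?string
{
    $siteurl = trim((string)($prefs['siteurl'] ?? ''));
    if ($siteurl === '') {
        return null; // refuse: nothing trustworthy to build the link from
    }
    $parts = parse_url($siteurl);
    if ($parts === false
        || empty($parts['host'])
        || !in_array($parts['scheme'] ?? '', ['http', 'https'], true)) {
        return null; // refuse: malformed configuration, do not guess a host
    }
    $base = $parts['scheme'] . '://' . $parts['host'];
    if (isset($parts['port'])) {
        $base .= ':' . $parts['port'];
    }
    $base .= rtrim($parts['path'] ?? '', '/');
    return $base . '/fpw.php?' . rawurlencode($token);
}

// Constructed sample request carrying a forged Host header.
$forgedRequest = ['HTTPS' => 'on', 'HTTP_HOST' => 'attacker.example'];
$prefs = ['siteurl' => 'https://cms.example.org/'];
$token = 'constructed-token-123';

echo buildResetLinkFromHost($forgedRequest, $token), PHP_EOL;   // follows the forged header
echo buildResetLinkFromSiteurl($prefs, $token), PHP_EOL;        // follows the configured site
var_dump(buildResetLinkFromSiteurl(['siteurl' => ''], $token)); // refused: no trusted host
```

A reset handler using the hardened helper should treat a `null` return as a hard failure and log it, since it indicates a misconfigured site URL rather than a user error.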
Recommended Action (AI)
24 hours: Identify all systems running e107 CMS and determine current versions; notify system owners and administrators. …
EUVD-2026-31850