Skip to main content

e107 CMS EUVD-2026-31849

| CVE-2026-43934 MEDIUM
Improper Access Control (CWE-284)
2026-05-26 GitHub_M
Authentication Bypass E107
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 08, 2026 - 12:23 vuln.today
Analysis Generated
Jun 08, 2026 - 12:23 vuln.today
Patch available
May 26, 2026 - 17:02 EUVD

DescriptionGitHub Advisory

e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends only on a predictable identifier in the request to determine which comment to edit, without confirming the requesting user’s ownership of the comment. This vulnerability is fixed in 2.3.4.

AnalysisAI

Broken access control in e107 CMS prior to version 2.3.4 permits any low-privileged authenticated user to overwrite comments authored by other users, including administrators. The server-side updateComment() function in comment_class.php accepted a comment_id from the request and issued an UPDATE SQL query filtered only by that identifier, never verifying that the requesting user owned the targeted comment. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid user account on target e107 site
Delivery
Identify sequential comment_id values via page source or comment URLs
Exploit
Craft edit request with target comment_id belonging to another user
Execution
Submit request to comment update endpoint
Persist
Server executes UPDATE without ownership check
Impact
Attacker-controlled content overwrites victim's comment
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated user session on the target e107 instance (PR:L per CVSS vector) - unauthenticated access is not sufficient. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N yields a score of 6.5 (Medium). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers a standard user account on a public e107 community site, then iterates through sequential comment_id values in the comment edit endpoint, submitting crafted POST requests targeting comments authored by other users or administrators. Because the server performs no ownership validation before version 2.3.4, the attacker's content replaces the original comment without error. …
Remediation Upgrade e107 to version 2.3.4 or later, which applies the server-side ownership check introduced in commit 23961a8f (https://github.com/e107inc/e107/commit/23961a8f). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-31849 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy