A vulnerability was found in e107 CMS up to 2.3.3 and has been classified as critical. It affects an unknown function of the file /e107_admin/image.php?mode=main&action=avatar in the Avatar Handler component. Manipulating the argument multiaction[] results in path traversal.

This vulnerability is cataloged as CVE-2025-11941. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.
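
The following is an added example, not e107 code and not a vendor fix. It shows one way to confine file names taken from an array parameter such as multiaction[] to a single directory before any file operation. The function names `resolve_inside` and `filter_multiaction`, the `avatars` directory and the demo files are assumptions made for illustration.

```php
<?php
// Added example. All names and paths here are hypothetical, not taken from e107.

/**
 * Resolve a client-supplied name against $baseDir. Returns the canonical path
 * only when it is an existing regular file inside $baseDir, otherwise null.
 */
function resolve_inside(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false when the
    // target does not exist, so unknown names are rejected as well.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "avatars_old" cannot pass as being inside "avatars".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

/** Reduce a multiaction[]-style request array to paths that stay in $baseDir. */
function filter_multiaction(string $baseDir, $values): array
{
    $accepted = [];
    foreach (is_array($values) ? $values : [] as $value) {
        if (!is_string($value)) {
            continue; // nested arrays and other types are dropped
        }
        $path = resolve_inside($baseDir, $value);
        if ($path !== null) {
            $accepted[] = $path;
        }
    }
    return $accepted;
}

// Constructed demo data in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pt_demo_' . bin2hex(random_bytes(4));
mkdir($root . DIRECTORY_SEPARATOR . 'avatars', 0700, true);
file_put_contents($root . DIRECTORY_SEPARATOR . 'avatars' . DIRECTORY_SEPARATOR . 'user1.png', 'x');
file_put_contents($root . DIRECTORY_SEPARATOR . 'secret.txt', 'x');

$input = ['user1.png', '../secret.txt', 'missing.png', ['nested']];
print_r(filter_multiaction($root . DIRECTORY_SEPARATOR . 'avatars', $input));
```

Only the entry that resolves to a file inside the `avatars` directory is returned. The traversal entry, the missing file and the nested array are dropped before any file operation would run.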