HIGH
E107
CVE published 2026-05-10
CVE-2021-47937
CVE-2021-47937 affects e107 CMS 2.3.0 and is described as an authenticated remote code execution vulnerability. An attacker with theme installation permissions can upload a crafted theme package through theme.php, place a web shell in the e107_themes directory, and then run system commands via payload.php. The record is published as a high-severity issue (CVSS 8.7) and should be treated as a serious post- [truncated]