CVE-2025-11941 | e107 CMS up to 2.3.3 Avatar image.php?mode=main&action=avatar multiaction[] path traversal

A vulnerability was found in e107 CMS up to 2.3.3. It has been classified as critical. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction[] results in path traversal.

This vulnerability is cataloged as CVE-2025-11941. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More