CVE-2026-43934
MEDIUM
NVD
CVSS Score
6.5
Severity
MEDIUM
Published
May 26, 2026
Vendor
unknown
Description
e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends only on a predictable identifier in the request to determine which comment to edit, without confirming the requesting userβs ownership of the comment. This vulnerability is fixed in 2.3.4.