Skip to main content

E107 CVE-2018-11127

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2018-05-15 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
May 15, 2018 - 17:29 nvd
MEDIUM 6.5

DescriptionNVD

e107 2.1.7 has CSRF resulting in arbitrary user deletion.

AnalysisAI

e107 2.1.7 has CSRF resulting in arbitrary user deletion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Affected products include: E107.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

More in E107

View all
CVE-2022-50905 CRITICAL POC
9.8 Jan 13

e107 CMS 3.2.1 has multiple XSS vulnerabilities in news comments that allow executing arbitrary JavaScript. Rated CVSS 9

CVE-2021-27885 HIGH POC
8.8 Mar 02

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. Rated high severity (CVSS 8.8), thi

CVE-2018-15901 HIGH POC
8.8 Aug 28

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including admini

CVE-2022-50939 HIGH POC
7.2 Jan 13

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to overrid

CVE-2016-10378 HIGH POC
7.2 May 29

e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.ph

CVE-2022-50907 HIGH POC
7.2 Jan 13

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upl

CVE-2022-50916 HIGH POC
7.2 Jan 13

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server

CVE-2018-16388 HIGH POC
7.2 Sep 12

e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php

CVE-2012-6433 MEDIUM POC
6.8 Jan 03

Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hija

CVE-2012-6434 MEDIUM POC
6.8 Jan 03

Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attacke

CVE-2018-16381 MEDIUM POC
6.1 Sep 05

e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. Rated medium severity (C

CVE-2023-36121 MEDIUM POC
5.4 Aug 02

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the descriptio

Share

CVE-2018-11127 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy