e107 CMS EUVD-2026-31851 | CVE-2026-46620 MEDIUM
Improper Authorization (CWE-285)
Published 2026-05-26 · CNA: GitHub_M
CVSS 3.1 base score 6.5 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Lifecycle Timeline

Analysis generated: Jun 08, 2026 12:16 (vuln.today)
Patch available: May 26, 2026 17:02 (EUVD)

Description (GitHub Advisory)

e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check() handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates the token if one happens to be present. If there is no token at all, the check is skipped entirely. This vulnerability is fixed in 2.3.5.

Analysis (AI)

A CSRF protection bypass in e107 CMS prior to 2.3.5 lets a remote attacker with no account on the site cause comment moderation actions to be executed with the privileges of an authenticated moderator, by luring that moderator to an attacker-controlled page. The root flaw is in session_handler::check(): when a request carries no CSRF token at all, the method skips validation instead of rejecting the request, so the token check only ever runs against requests that choose to include one. Because a forged cross-site form controls exactly which fields are submitted, the attacker simply omits the token field and the protection never engages. …
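To make the skipped-check pattern concrete, the following PHP is an added illustration written for this page; it is not e107's code and not taken from the advisory or from vuln.today. It shows a minimal per-session token check written two ways: the flawed "validate only if a token is present" form that the description attributes to session_handler::check(), and a hardened form that treats a missing token as a failure. The class, method and form-field names (TokenCheck, checkVulnerable, checkFixed, e-token) are hypothetical, and the three POST bodies at the bottom are constructed for the demo, not captured traffic.

```php
<?php
// Added illustration of the CSRF-check flaw described in the advisory.
// Hypothetical names throughout; this is not e107's session_handler.
declare(strict_types=1);

final class TokenCheck
{
    // Hypothetical name of the hidden form field carrying the token.
    public const FIELD = 'e-token';

    /** Issue a fresh random token and store it in the caller's session array. */
    public static function issue(array &$session): string
    {
        $session['csrf'] = bin2hex(random_bytes(32));
        return $session['csrf'];
    }

    /**
     * Flawed pattern: the token is compared only when the request happens to
     * include one. A cross-site form that simply omits the field is accepted,
     * so the attacker never needs to know the victim's token.
     */
    public static function checkVulnerable(array $session, array $post): bool
    {
        if (isset($post[self::FIELD])) {
            return hash_equals($session['csrf'] ?? '', (string) $post[self::FIELD]);
        }
        return true; // no token submitted -> validation skipped entirely
    }

    /**
     * Hardened pattern: every state-changing request must carry a token and it
     * must match the session's token. Absence, wrong type, or an empty session
     * token are all failures, not bypasses.
     */
    public static function checkFixed(array $session, array $post): bool
    {
        $expected = $session['csrf'] ?? null;
        $given    = $post[self::FIELD] ?? null;
        if (!is_string($expected) || $expected === '' || !is_string($given)) {
            return false;
        }
        return hash_equals($expected, $given);
    }
}

// Constructed demo: one moderator session, three POST bodies aimed at a
// hypothetical comment-moderation action.
$session = [];
$token   = TokenCheck::issue($session);

$requests = [
    'legit (correct token)'  => ['action' => 'approve', 'comment_id' => 42, TokenCheck::FIELD => $token],
    'forged (wrong token)'   => ['action' => 'approve', 'comment_id' => 42, TokenCheck::FIELD => str_repeat('0', 64)],
    'forged (token omitted)' => ['action' => 'approve', 'comment_id' => 42],
];

foreach ($requests as $label => $post) {
    printf(
        "%-24s vulnerable=%-5s fixed=%s\n",
        $label,
        TokenCheck::checkVulnerable($session, $post) ? 'PASS' : 'deny',
        TokenCheck::checkFixed($session, $post) ? 'PASS' : 'deny'
    );
}
```

Run it with `php` on the command line. The first two rows behave identically under both checks; the third row is the bug: the request with no token field passes checkVulnerable but is denied by checkFixed. When auditing a CSRF implementation, the question to ask is exactly this one: does the code path for "field absent" end in a rejection, or does it fall through to the action?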


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Attacker crafts a hidden form targeting the comment moderation endpoint
Delivery: Attacker lures an authenticated moderator to the malicious page
Exploit: The moderator's browser auto-submits the forged request with the victim's session cookie
Execution: No CSRF token is present, so session_handler::check() skips validation
Impact: The unauthorized comment moderation action executes

Vulnerability Assessment (AI)

Exploitation: The victim must be an authenticated e107 user with comment moderation privileges and must have an active session at the time the forged request is submitted. …
Risk Assessment: The CVSS 6.5 score (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) reflects meaningful integrity impact: an attacker with no account of their own can manipulate comment moderation. The UI:R component is the main limiting factor, since exploitation requires social-engineering an authenticated moderator into visiting an attacker-controlled page while their session is active. Confidentiality and availability are not affected. …
Exploit Scenario: An attacker hosts a webpage containing a hidden HTML form that submits a POST request to the target e107 site's comment moderation endpoint, deliberately omitting the CSRF token field. The attacker lures an authenticated e107 comment moderator to this page, for example via a phishing email or a malicious link. Because the browser attaches the moderator's session cookie and the request carries no token, session_handler::check() performs no validation and the action executes. …
Remediation: Upgrade to e107 version 2.3.5, which contains the vendor-released fix for this vulnerability as confirmed by GitHub advisory GHSA-m4hh-m278-jwg5. …
