Description
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cardinity Payment Gateway for WooCommerce Cross-Site Scripting (3.0.6)
Oracle Database Server Out-of-bounds Read Vulnerability (CVE-2025-53051)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0061)
Oracle Database Server CVE-2010-0892 Vulnerability (CVE-2010-0892)