Description
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP DSGVO Tools (GDPR) Security Bypass (3.1.23)
Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8167)
Ruby on Rails CVE-2018-16477 Vulnerability (CVE-2018-16477)
PHP NULL Pointer Dereference Vulnerability (CVE-2017-6441)
WordPress Plugin Product Size charts for Woocommerce Unspecified Vulnerability (1.0)