Description

Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.

Remediation

References

CVE-2012-6433

Related Vulnerabilities

WordPress Plugin WPML Translation Management PHP Object Injection (2.4.1)

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7366)

WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login Multiple Vulnerabilities (3.7.9.2)

IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1886)

MySQL CVE-2016-0655 Vulnerability (CVE-2016-0655)

Severity

Medium

Classification

CVE-2012-6433 CWE-352

Tags

Missing Update Known Vulnerabilities