Description
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.
Remediation
References