Description

e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.

Remediation

References

CVE-2017-8098

Related Vulnerabilities

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.51)

XWiki Uncontrolled Resource Consumption Vulnerability (CVE-2024-21651)

Joomla Cryptographic Issues Vulnerability (CVE-2014-7228)

WebLogic Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21350)

Moment.js Uncontrolled Resource Consumption Vulnerability (CVE-2016-4055)

Severity

Medium

Classification

CVE-2017-8098 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities