Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-11127)

Description

e107 2.1.7 has CSRF resulting in arbitrary user deletion.

Remediation

References

Related Vulnerabilities

WordPress Plugin iPanorama 360 WordPress Virtual Tour Builder Cross-Site Scripting (1.6.21)

MySQL CVE-2016-0663 Vulnerability (CVE-2016-0663)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.6)

WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.1)

MySQL CVE-2014-6463 Vulnerability (CVE-2014-6463)

Severity

Medium

Classification

CVE-2018-11127 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities