WEB APPLICATION VULNERABILITIES Standard & Premium

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-15901)

Description

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.

Remediation

References

Related Vulnerabilities

PostgreSQL Numeric Errors Vulnerability (CVE-2007-6067)

Apache Tomcat Other Vulnerability (CVE-2006-7195)

PHP Resource Management Errors Vulnerability (CVE-2010-2225)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-2922)

Oracle Database Server CVE-2011-0877 Vulnerability (CVE-2011-0877)

Severity

High

Classification

CVE-2018-15901 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities