Description
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
Remediation
References
Related Vulnerabilities
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-8793)
Oracle Database Server SYS Account privilege issue (CVE-2021-2000)
WordPress Plugin Ad Invalid Click Protector (AICP) Malicious Code (1.2.9)
Drupal Core 5.x SQL Injection (5.0 - 5.3)
WordPress Plugin All-in-One WP Migration Security Bypass (2.0.4)