Description
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0798)
Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.23)
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2024-1635)
WordPress Plugin StatPress Multiple Unspecified Vulnerabilities (1.4.1)
WordPress Plugin Restaurant Reservations Privilege Escalation (1.3)