Description
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.22)
WordPress Plugin LayerSlider Responsive WordPress Slider Multiple Vulnerabilities (6.2.0)
MySQL CVE-2017-3638 Vulnerability (CVE-2017-3638)
Microsoft SQL Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2003-0230)