Description usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. Remediation References CVE-2021-27885 Related Vulnerabilities MySQL CVE-2021-2203 Vulnerability (CVE-2021-2203) WordPress Plugin WP-reCAPTCHA HTML Injection and Cross-Site Request Forgery Vulnerabilities (2.9.8.2) Oracle Database Server Other Vulnerability (CVE-2007-3859) Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3170) Roundcube Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2020-12641) Severity High Classification CVE-2021-27885 CWE-326 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities