CyberSec.Space Logo
Back to CVE Browser

CVE-2018-15901

HIGH
8.8
CVSS Severity Score
EPSS Score0.1790%
EPSS Percentile43.59th
PublishedAug 28, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.

Affected Platforms (CPE)

๐Ÿ“ฆ
E107

E107

= 2.1.8

References & Advisories

๐Ÿ”— https://github.com/dhananjay-bajaj/e107_2.1.8_csrf
๐Ÿ”— https://github.com/dhananjay-bajaj/e107_2.1.8_csrf/blob/master/E107_v2.1.8_CSRF_POC.pdf
๐Ÿ”— https://github.com/dhananjay-bajaj/e107_2.1.8_csrf

Related Vulnerabilities

CVE-2008-198910.0

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is ...

CVE-2021-479378.8

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions ...

CVE-2021-278858.8

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.

CVE-2016-107538.8

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.