CVE-2018-15901
HIGH
8.8
CVSS Severity Score
Vulnerability Description
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
Affected Platforms (CPE)
📦
E107
CVEブラウザに戻る
関連する脆弱性情報
CVE-2008-198910.0
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is ...
CVE-2021-479378.8
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions ...
CVE-2021-278858.8
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
CVE-2016-107538.8
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.