返回 CVE 浏览器

CVE-2021-27885

HIGH

8.8

CVSS Severity Score

EPSS Score0.0950%

EPSS Percentile5.29th

Published2021年3月2日

Last Modified2024年11月21日

Vulnerability Description

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.

Affected Platforms (CPE)

📦

E107

E107

<= 2.3.0

References & Advisories

🔗 http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html

🔗 https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472

🔗 https://github.com/e107inc/e107/releases

🔗 http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-Forgery.html

🔗 https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472

🔗 https://github.com/e107inc/e107/releases

相关漏洞威胁

CVE-2008-198910.0

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is ...

CVE-2018-159018.8

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.

CVE-2021-479378.8

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions ...

CVE-2016-107538.8

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.