CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-15901

HIGH
8.8
CVSS Severity Score
EPSS Score0.1790%
EPSS Percentile43.59th
Published2018年8月28日
Last Modified2024年11月21日

Vulnerability Description

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.

Affected Platforms (CPE)

📦
E107

E107

= 2.1.8

References & Advisories

🔗 https://github.com/dhananjay-bajaj/e107_2.1.8_csrf
🔗 https://github.com/dhananjay-bajaj/e107_2.1.8_csrf/blob/master/E107_v2.1.8_CSRF_POC.pdf
🔗 https://github.com/dhananjay-bajaj/e107_2.1.8_csrf

相關漏洞威脅

CVE-2008-198910.0

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is ...

CVE-2021-479378.8

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions ...

CVE-2021-278858.8

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.

CVE-2016-107538.8

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.