Cross-Site Request Forgery in e107 Content Management System by e107inc
CVE-2017-8098

6.5MEDIUM

Key Information:

Vendor

E107

Status
E107
Vendor
CVE Published:
3 October 2022

What is CVE-2017-8098?

e107 version 2.1.4 is susceptible to Cross-Site Request Forgery (CSRF), which allows an attacker to manipulate the system into downloading and installing plugins without proper user consent. By crafting a malicious web page, an attacker can send forged requests to the e107 platform, potentially leading to unauthorized plugin installations that compromise the security and functionality of the website.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce694...
x_refsource_MISC
http://seclists.org/fulldisclosure/2017/Apr/40
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.