Cross-Site Request Forgery Vulnerability in e107 CMS by e107 Inc.
CVE-2021-27885

8.8 HIGH

Key Information:

Vendor: E107

CVE Published: 2 March 2021

What is CVE-2021-27885?

e107 CMS version 2.3.0 is vulnerable to cross-site request forgery (CSRF) because the usersettings.php file lacks e_TOKEN protection. This flaw lets attackers perform unauthorized actions on behalf of legitimate users, potentially leading to critical security breaches.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
