CVE-2010-5084
e107 < 0.7.23 - Cross-Site Request Forgery via Predictable Admin Token
Title source: llmDescription
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
References (4)
Core 4
Core References
Various Sources x_refsource_misc
http://www.madirish.net/?article=471
Various Sources x_refsource_confirm
http://e107.org/comment.php?comment.news.872
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024351
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41034
Scores
EPSS
0.0053
EPSS Percentile
41.0%
Details
CWE
CWE-352
Status
published
Products (49)
e107/e107
0.6_10
e107/e107
0.6_11
e107/e107
0.6_12
e107/e107
0.6_13
e107/e107
0.6_14
e107/e107
0.6_15
e107/e107
0.6_15a
e107/e107
0.7
e107/e107
0.7.0
e107/e107
0.7.1
... and 39 more
Published
Feb 14, 2012
Tracked Since
Feb 18, 2026