CVE-2010-5084

e107 < 0.7.23 - Cross-Site Request Forgery via Predictable Admin Token

Title source: llm
STIX 2.1

Description

The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.

References (4)

Core 4
Core References
Various Sources x_refsource_misc
http://www.madirish.net/?article=471
Various Sources x_refsource_confirm
http://e107.org/comment.php?comment.news.872
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024351
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41034

Scores

EPSS 0.0053
EPSS Percentile 41.0%

Details

CWE
CWE-352
Status published
Products (49)
e107/e107 0.6_10
e107/e107 0.6_11
e107/e107 0.6_12
e107/e107 0.6_13
e107/e107 0.6_14
e107/e107 0.6_15
e107/e107 0.6_15a
e107/e107 0.7
e107/e107 0.7.0
e107/e107 0.7.1
... and 39 more
Published Feb 14, 2012
Tracked Since Feb 18, 2026