CVE-2011-4947

e107 < 0.7.26 - Cross-Site Request Forgery via user_include Parameter

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/28/4
Various Sources x_refsource_confirm
http://e107.org/svn_changelog.php?version=0.7.26
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/29/3
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68062

Scores

EPSS 0.0068
EPSS Percentile 48.1%

Details

CWE
CWE-352
Status published
Products (25)
e107/e107 0.7
e107/e107 0.7.0
e107/e107 0.7.1
e107/e107 0.7.2
e107/e107 0.7.3
e107/e107 0.7.4
e107/e107 0.7.5
e107/e107 0.7.6
e107/e107 0.7.7
e107/e107 0.7.8
... and 15 more
Published Aug 31, 2012
Tracked Since Feb 18, 2026