CVE-2011-4947
e107 < 0.7.26 - Cross-Site Request Forgery via user_include Parameter
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.
References (6)
Core 6
Core References
Vendor Advisory x_refsource_misc
https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/28/4
Product x_refsource_confirm
http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306
Various Sources x_refsource_confirm
http://e107.org/svn_changelog.php?version=0.7.26
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/29/3
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68062
Scores
EPSS
0.0068
EPSS Percentile
48.1%
Details
CWE
CWE-352
Status
published
Products (25)
e107/e107
0.7
e107/e107
0.7.0
e107/e107
0.7.1
e107/e107
0.7.2
e107/e107
0.7.3
e107/e107
0.7.4
e107/e107
0.7.5
e107/e107
0.7.6
e107/e107
0.7.7
e107/e107
0.7.8
... and 15 more
Published
Aug 31, 2012
Tracked Since
Feb 18, 2026