CVE-2012-6433

e107 1.0.1 - Cross-Site Request Forgery via News Title Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6433. PoCs published by Joshua Reynolds.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in e107 v1.0.1, allowing an attacker to force an authenticated administrator to execute arbitrary JavaScript by submitting a malicious POST request. The JavaScript can be used to steal cookies or perform other client-side attacks.

Description

Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Joshua Reynolds · textwebappsphp
https://www.exploit-db.com/exploits/23828

This exploit demonstrates a CSRF vulnerability in e107 v1.0.1, allowing an attacker to force an authenticated administrator to execute arbitrary JavaScript by submitting a malicious POST request. The JavaScript can be used to steal cookies or perform other client-side attacks.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: e107 v1.0.1
Auth required
Prerequisites: Victim must be an authenticated administrator · Victim must visit a malicious page or be tricked into submitting the form
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Various Sources x_refsource_confirm
http://e107.org/changelog
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/23828/

Scores

EPSS 0.0196
EPSS Percentile 77.8%

Details

CWE
CWE-352
Status published
Products (1)
e107/e107 1.0.1
Published Jan 03, 2013
Tracked Since Feb 18, 2026