CVE-2018-17081

MEDIUM

e107 2.1.9 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-17081. PoCs published by himanshurahi1996, himanshurahi.

AI-analyzed exploit summary The repository contains only a README with minimal information about CVE-2018-17081 and no functional exploit code or technical details. It appears to be a placeholder without substantive content.

Description

e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.

Exploits (2)

nomisec STUB
by himanshurahi1996 · poc
https://github.com/himanshurahi1996/e107_2.1.9_CSRF_POC

The repository contains only a README with minimal information about CVE-2018-17081 and no functional exploit code or technical details. It appears to be a placeholder without substantive content.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: e107 2.1.9
No auth needed
Prerequisites: none
devstral-2 · analyzed Apr 19, 2026 Full analysis →
nomisec STUB
by himanshurahi · poc
https://github.com/himanshurahi/e107_2.1.9_CSRF_POC

The repository contains only a README.md file with minimal information about CVE-2018-17081, lacking any actual exploit code or technical details. It appears to be a placeholder or incomplete submission.

Classification
Stub 30%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: e107 2.1.9
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://github.com/himanshurahi/e107_2.1.9_CSRF_POC

Scores

CVSS v3 4.3
EPSS 0.0021
EPSS Percentile 43.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-352
Status published
Products (1)
e107/e107 2.1.9
Published Sep 26, 2018
Tracked Since Feb 18, 2026