6

CVE-2010-5084

The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
E107E107 Version <= 0.7.22
E107E107 Version0.6_10
E107E107 Version0.6_11
E107E107 Version0.6_12
E107E107 Version0.6_13
E107E107 Version0.6_14
E107E107 Version0.6_15
E107E107 Version0.6_15a
E107E107 Version0.7
E107E107 Version0.7.0
E107E107 Version0.7.1
E107E107 Version0.7.2
E107E107 Version0.7.3
E107E107 Version0.7.4
E107E107 Version0.7.5
E107E107 Version0.7.6
E107E107 Version0.7.7
E107E107 Version0.7.8
E107E107 Version0.7.9
E107E107 Version0.7.10
E107E107 Version0.7.11
E107E107 Version0.7.12
E107E107 Version0.7.13
E107E107 Version0.7.14
E107E107 Version0.7.15
E107E107 Version0.7.16
E107E107 Version0.7.17
E107E107 Version0.7.18
E107E107 Version0.7.19
E107E107 Version0.7.20
E107E107 Version0.7.21
E107E107 Version0.545
E107E107 Version0.547 Updatebeta
E107E107 Version0.548 Updatebeta
E107E107 Version0.549 Updatebeta
E107E107 Version0.551 Updatebeta
E107E107 Version0.552 Updatebeta
E107E107 Version0.553 Updatebeta
E107E107 Version0.554
E107E107 Version0.554 Updatebeta
E107E107 Version0.555 Updatebeta
E107E107 Version0.600
E107E107 Version0.601
E107E107 Version0.602
E107E107 Version0.603
E107E107 Version0.604
E107E107 Version0.605
E107E107 Version0.606
E107E107 Version0.607
E107E107 Version0.608
E107E107 Version0.609
E107E107 Version0.610
E107E107 Version0.611
E107E107 Version0.612
E107E107 Version0.613
E107E107 Version0.614
E107E107 Version0.615
E107E107 Version0.615a
E107E107 Version0.616
E107E107 Version0.617
E107E107 Version0.6171
E107E107 Version0.6172
E107E107 Version0.6173
E107E107 Version0.6174
E107E107 Version0.6175
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.28
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.