E107 : Security Vulnerabilities, CVEs, Published In April 2017 (CSRF)
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
Max CVSS
6.5
EPSS Score
0.10%
Published
2017-04-24
Updated
2017-04-29
1 vulnerabilities found