E107 : Security Vulnerabilities, CVEs, Published In 2018 (CSRF)

CVE-2018-11127

e107 2.1.7 has CSRF resulting in arbitrary user deletion.
Max CVSS
6.5
EPSS Score
0.05%
Published
2018-05-15
Updated
2018-06-19

CVE-2018-15901

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.
Max CVSS
8.8
EPSS Score
0.18%
Published
2018-08-28
Updated
2018-11-02

CVE-2018-17081

e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
Max CVSS
4.3
EPSS Score
0.12%
Published
2018-09-26
Updated
2018-11-26
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close