CVE

CVE-2010-5084

Date: (C)2012-02-14   (M)2015-12-16 


The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.

CVSS Score: 6.0
Exploit Score: 6.8
Impact Score: 6.4
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL





Reference:
SECTRACK-1024351
SECUNIA-41034
http://e107.org/comment.php?comment.news.872
http://www.madirish.net/?article=471

CPE    24
cpe:/a:e107:e107:0.7.0
cpe:/a:e107:e107:0.7.20
cpe:/a:e107:e107:0.7.21
cpe:/a:e107:e107:0.7.22
...
CWE    1
CWE-352

© 2013 SecPod Technologies