cpe:/a:e107:e107:0.6_10 cpe:/a:e107:e107:0.6_11 cpe:/a:e107:e107:0.6_12 cpe:/a:e107:e107:0.6_13 cpe:/a:e107:e107:0.6_14 cpe:/a:e107:e107:0.6_15 cpe:/a:e107:e107:0.6_15a cpe:/a:e107:e107:0.7 cpe:/a:e107:e107:0.7.0 cpe:/a:e107:e107:0.7.1 cpe:/a:e107:e107:0.7.2 cpe:/a:e107:e107:0.7.3 cpe:/a:e107:e107:0.7.4 cpe:/a:e107:e107:0.7.5 cpe:/a:e107:e107:0.7.6 cpe:/a:e107:e107:0.7.7 cpe:/a:e107:e107:0.7.8 cpe:/a:e107:e107:0.7.9 cpe:/a:e107:e107:0.7.10 cpe:/a:e107:e107:0.7.11 cpe:/a:e107:e107:0.7.12 cpe:/a:e107:e107:0.7.13 cpe:/a:e107:e107:0.7.14 cpe:/a:e107:e107:0.7.15 cpe:/a:e107:e107:0.7.16 cpe:/a:e107:e107:0.7.17 cpe:/a:e107:e107:0.7.18 cpe:/a:e107:e107:0.7.19 cpe:/a:e107:e107:0.7.20 cpe:/a:e107:e107:0.7.21 cpe:/a:e107:e107:0.7.22 cpe:/a:e107:e107:0.545 cpe:/a:e107:e107:0.547:beta cpe:/a:e107:e107:0.548:beta cpe:/a:e107:e107:0.549:beta cpe:/a:e107:e107:0.551:beta cpe:/a:e107:e107:0.552:beta cpe:/a:e107:e107:0.553:beta cpe:/a:e107:e107:0.554 cpe:/a:e107:e107:0.554:beta cpe:/a:e107:e107:0.555:beta cpe:/a:e107:e107:0.600 cpe:/a:e107:e107:0.601 cpe:/a:e107:e107:0.602 cpe:/a:e107:e107:0.603 cpe:/a:e107:e107:0.604 cpe:/a:e107:e107:0.605 cpe:/a:e107:e107:0.606 cpe:/a:e107:e107:0.607 cpe:/a:e107:e107:0.608 cpe:/a:e107:e107:0.609 cpe:/a:e107:e107:0.610 cpe:/a:e107:e107:0.611 cpe:/a:e107:e107:0.612 cpe:/a:e107:e107:0.613 cpe:/a:e107:e107:0.614 cpe:/a:e107:e107:0.615 cpe:/a:e107:e107:0.615a cpe:/a:e107:e107:0.616 cpe:/a:e107:e107:0.617 cpe:/a:e107:e107:0.6171 cpe:/a:e107:e107:0.6172 cpe:/a:e107:e107:0.6173 cpe:/a:e107:e107:0.6174 cpe:/a:e107:e107:0.6175 CVE-2010-5084 2012-02-14T15:55:02.737-05:00 2012-02-15T00:00:00.000-05:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-02-15T16:24:00.000-05:00 SECTRACK 1024351 SECUNIA 41034 CONFIRM http://e107.org/comment.php?comment.news.872 MISC http://www.madirish.net/?article=471 The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.