Description
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Photo Album Plus Unspecified Vulnerability (6.5.00)
PHP Other Vulnerability (CVE-2014-4698)
Drupal CVE-2009-3352 Vulnerability (CVE-2009-3352)
WordPress Plugin WordPress Photo Gallery by Gallery Bank SQL Injection (3.0.229)
WordPress Plugin Polo Video Gallery-Best wordpress video gallery Cross-Site Scripting (1.2)