Description

e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.

Remediation

References

CVE-2017-8098

Related Vulnerabilities

Moment.js Other Vulnerability (CVE-2022-31129)

WordPress Plugin WordPress File Upload Arbitrary File Upload (3.8.5)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-45020)

WordPress Plugin Web Stories Server-Side Request Forgery (1.24.0)

ReviveAdserver Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7368)

Severity

Medium

Classification

CVE-2017-8098 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities