Description

e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.

Remediation

References

CVE-2018-15901

Related Vulnerabilities

WordPress Plugin Permalink Manager Lite Cross-Site Request Forgery (2.2.19.2)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2178)

Jboss EAP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-14900)

Apache HTTP Server CVE-2009-1191 Vulnerability (CVE-2009-1191)

WordPress Plugin miniOrange's Google Authenticator-WordPress Two Factor Authentication (2FA, MFA, OTP SMS and Email)-Passwordless login Cross-Site Scripting (5.4.39)

Severity

High

Classification

CVE-2018-15901 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities