CVE-2010-5084
Published: Feb 14, 2012
Modified: Sep 16, 2024
PUBLISHED
Description
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- http://www.madirish.net/?article=471 (x_refsource_MISC)
- http://e107.org/comment.php?comment.news.872 (x_refsource_CONFIRM)
- 1024351 (vdb-entry, x_refsource_SECTRACK)
- 41034 (third-party-advisory, x_refsource_SECUNIA)