QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4947

Published: Aug 31, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20120328 CVE-request: e107 HTB23004

mailing-list

x_refsource_MLIST

https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html

x_refsource_MISC

http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306

x_refsource_CONFIRM

http://e107.org/svn_changelog.php?version=0.7.26

x_refsource_CONFIRM

[oss-security] 20120328 Re: CVE-request: e107 HTB23004

mailing-list

x_refsource_MLIST

e107-usersextended-xss(68062)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.