CVE-2012-6433

Published: 03/01/2013 Updated: 07/01/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote malicious users to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.

Vulnerable Product

e107 e107 1.0.1

Exploits

# Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution
# Google Dork: intext:"This site is powered by e107"
# Date: 01/01/13
# Exploit Author: Joshua Reynolds
# Vendor Homepage: e107.org
# Software Link: sourceforgenet/projects/e107/files/e107/e107%20v101/e107_101_fulltargz/download
# Versio ...

e107 version 1.0.1 suffers from a cross-site request forgery vulnerability that results in arbitrary JavaScript execution ...