CVE-2012-6434

Published: 03/01/2013 | Updated: 07/01/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.

Vulnerable Product

e107 e107 1.0.2

Exploits

# Exploit Title: e107 v1.0.2 Administrator CSRF Resulting in SQL Injection
# Google Dork: intext:"This site is powered by e107"
# Date: 01/01/13
# Exploit Author: Joshua Reynolds
# Vendor Homepage: e107.org
# Software Link: sourceforge.net/projects/e107/files/e107/e107%20v1.0.2/e107_1.0.2_full.tar.gz/download
# Version: 1.0.2
# Tested ...

e107 version 1.0.2 suffers from a cross-site request forgery vulnerability that results in SQL injection ...