usersettings.php in e107 up to and including 2.3.0 lacks a certain e_TOKEN protection mechanism.
e107 e107