Vulnerability Details CVE-2014-9459
Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.1%
CVSS Severity
CVSS v2 Score 6.8
References
- http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html
- http://seclists.org/fulldisclosure/2014/Dec/124
- http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html
- https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080
- http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html
- http://seclists.org/fulldisclosure/2014/Dec/124
- http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html
- https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080