Posted by Steffen Rösemann on Dec 29
Advisory: CSRF vulnerability in CMS e107 v.2 alpha2
Advisory ID: SROEADV-2014-04
Author: Steffen Rösemann
Affected Software: CMS e107 v.2 alpha2 (Release-Date: 08th-Jun-2014)
Vendor URL: http://e107.org
Vendor Status: solved
CVE-ID: –
==========================
Vulnerability Description:
==========================
The Content Management System e107 v.2 alpha2 allows an attacker to become
an administrative user (without rights) when tricking…