Full Disclosure

CSRF vulnerability in CMS e107 v.2 alpha2

Leave a comment

Posted by Steffen Rösemann on Dec 29

Advisory: CSRF vulnerability in CMS e107 v.2 alpha2
Advisory ID: SROEADV-2014-04
Author: Steffen Rösemann
Affected Software: CMS e107 v.2 alpha2 (Release-Date: 08th-Jun-2014)
Vendor URL: http://e107.org
Vendor Status: solved
CVE-ID: –

==========================
Vulnerability Description:
==========================

The Content Management System e107 v.2 alpha2 allows an attacker to become
an administrative user (without rights) when tricking…

Leave a Reply