Posted by Kacper Szurek on Nov 10
# Exploit Title: e107 CMS 2.1.2 Privilege Escalation
# Date: 09-11-2016
# Software Link: http://e107.org/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# Category: webapps
1. Description
Datas from `$_POST[‘updated_data’]` inside `usersettings.php` are not
properly validated so we can set `user_admin`.
http://security.szurek.pl/e107-cms-211-privilege-escalation.html…