e107 Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2010-5084 - Vulnerability Database

e107 Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2010-5084

Medium

Reference: CVE-2010-5084

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-5084

Title: e107 Cross-Site Request Forgery (CSRF) Vulnerability

Overview:

The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.