Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
e107 Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2012-6434 - Vulnerability Database
e107

e107 Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2012-6434

Medium
Reference: CVE-2012-6434
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-6434
Title: e107 Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url (2) download_url_extended (3) download_author_email (4) download_author_website (5) download_image (6) download_thumb (7) download_visible or (8) download_class parameter.