CVE-2011-4947

Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://e107.org/svn_changelog.php?version=0.7.26
http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306
http://www.openwall.com/lists/oss-security/2012/03/28/4
http://www.openwall.com/lists/oss-security/2012/03/29/3
https://exchange.xforce.ibmcloud.com/vulnerabilities/68062
https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html
http://e107.org/svn_changelog.php?version=0.7.26
http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306
http://www.openwall.com/lists/oss-security/2012/03/28/4
http://www.openwall.com/lists/oss-security/2012/03/29/3
https://exchange.xforce.ibmcloud.com/vulnerabilities/68062
https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:e107:e107::::::::
	cpe:2.3:a:e107:e107:0.7:::::::*
	cpe:2.3:a:e107:e107:0.7.0:::::::*
	cpe:2.3:a:e107:e107:0.7.1:::::::*
	cpe:2.3:a:e107:e107:0.7.2:::::::*
	cpe:2.3:a:e107:e107:0.7.3:::::::*
	cpe:2.3:a:e107:e107:0.7.4:::::::*
	cpe:2.3:a:e107:e107:0.7.5:::::::*
	cpe:2.3:a:e107:e107:0.7.6:::::::*
	cpe:2.3:a:e107:e107:0.7.7:::::::*
	cpe:2.3:a:e107:e107:0.7.8:::::::*
	cpe:2.3:a:e107:e107:0.7.9:::::::*
	cpe:2.3:a:e107:e107:0.7.10:::::::*
	cpe:2.3:a:e107:e107:0.7.11:::::::*
	cpe:2.3:a:e107:e107:0.7.12:::::::*
	cpe:2.3:a:e107:e107:0.7.13:::::::*
	cpe:2.3:a:e107:e107:0.7.14:::::::*
	cpe:2.3:a:e107:e107:0.7.15:::::::*
	cpe:2.3:a:e107:e107:0.7.16:::::::*
	cpe:2.3:a:e107:e107:0.7.17:::::::*
	cpe:2.3:a:e107:e107:0.7.18:::::::*
	cpe:2.3:a:e107:e107:0.7.19:::::::*
	cpe:2.3:a:e107:e107:0.7.20:::::::*
	cpe:2.3:a:e107:e107:0.7.21:::::::*
	cpe:2.3:a:e107:e107:0.7.22:::::::*

History

21 Nov 2024, 01:33

Type	Values Removed	Values Added
References	~~() http://e107.org/svn_changelog.php?version=0.7.26 -~~	() http://e107.org/svn_changelog.php?version=0.7.26 -
References	~~() http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306 -~~	() http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306 -
References	~~() http://www.openwall.com/lists/oss-security/2012/03/28/4 -~~	() http://www.openwall.com/lists/oss-security/2012/03/28/4 -
References	~~() http://www.openwall.com/lists/oss-security/2012/03/29/3 -~~	() http://www.openwall.com/lists/oss-security/2012/03/29/3 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/68062 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/68062 -
References	~~() https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html -~~	() https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html -

Information

Published : 2012-08-31 22:55

Updated : 2024-11-21 01:33

NVD link : CVE-2011-4947

Mitre link : CVE-2011-4947

CVE.ORG link : CVE-2011-4947

JSON object : View

Products Affected

e107

e107

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

6.8 /10