CVE-2014-9459

Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action.
Configurations

Configuration 1 (hide)

cpe:2.3:a:e107:e107:2.0:alpha2:*:*:*:*:*:*

History

21 Nov 2024, 02:20

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html - () http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html -
References () http://seclists.org/fulldisclosure/2014/Dec/124 - () http://seclists.org/fulldisclosure/2014/Dec/124 -
References () http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html - () http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html -
References () https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080 - () https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080 -

Information

Published : 2015-01-02 20:59

Updated : 2024-11-21 02:20


NVD link : CVE-2014-9459

Mitre link : CVE-2014-9459

CVE.ORG link : CVE-2014-9459


JSON object : View

Products Affected

e107

  • e107
CWE
CWE-352

Cross-Site Request Forgery (CSRF)