Vulnerability Description
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| E107 | E107 | <= 0.7.22 |
Related Weaknesses (CWE)
References
- http://e107.org/comment.php?comment.news.872
- http://secunia.com/advisories/41034 (Vendor Advisory)
- http://www.madirish.net/?article=471
- http://www.securitytracker.com/id?1024351
FAQ
What is CVE-2010-5084?
CVE-2010-5084 is a vulnerability with a CVSS score of 6.0 (MEDIUM). The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers ...
How severe is CVE-2010-5084?
CVE-2010-5084 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-5084?
Check the references section above for vendor advisories and patch information. Affected products include: E107 E107.