Vulnerability Description
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| E107 | E107 | <= 2.3.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-FoThird Party Advisory
- https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472PatchThird Party Advisory
- https://github.com/e107inc/e107/releasesRelease NotesThird Party Advisory
- http://packetstormsecurity.com/files/161651/e107-CMS-2.3.0-Cross-Site-Request-FoThird Party Advisory
- https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472PatchThird Party Advisory
- https://github.com/e107inc/e107/releasesRelease NotesThird Party Advisory
FAQ
What is CVE-2021-27885?
CVE-2021-27885 is a vulnerability with a CVSS score of 8.8 (HIGH). usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
How severe is CVE-2021-27885?
CVE-2021-27885 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27885?
Check the references section above for vendor advisories and patch information. Affected products include: E107 E107.