Lucene search

CVE-2018-17081

🗓️ 26 Sep 2018 21:01:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 32 Views🌐 WEB

e107 2.1.9 CSRF vulnerability in wmessage.ph

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2018-17081	26 Sep 201821:00	–	cvelist
Prion	Cross site request forgery (csrf)	26 Sep 201821:29	–	prion
OSV	CVE-2018-17081	26 Sep 201821:29	–	osv
NVD	CVE-2018-17081	26 Sep 201821:29	–	nvd
OpenVAS	e107 <= 2.1.9 CSRF Vulnerability	2 Oct 201800:00	–	openvas

Nvd

Node

e107 e107Match2.1.9

Source	Link
github	www.github.com/himanshurahi/e107_2.1.9_CSRF_POC

Parameter	Position	Path	Description	CWE
mode	query param	/e107_admin/wmessage.php	CSRF vulnerability allows changing the title of an arbitrary page.	CWE-352
action	query param	/e107_admin/wmessage.php	CSRF vulnerability allows changing the title of an arbitrary page.	CWE-352
ajax_used	query param	/e107_admin/wmessage.php	CSRF vulnerability allows changing the title of an arbitrary page.	CWE-352
id	query param	/e107_admin/wmessage.php	CSRF vulnerability allows changing the title of an arbitrary page.	CWE-352

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Sep 2018 21:29Current

4.8Medium risk

Vulners AI Score4.8

CVSS24.3

CVSS34.3

EPSS0.00209

CWE-352