Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

e107 2.0 Alpha2 Cross Site Request Forgery

🗓️ 28 Dec 2014 00:00:00Reported by Steffen RoesemannType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 58 Views

Cross Site Request Forgery in e107 v.2 alpha2 CM

Code
`Advisory: CSRF vulnerability in CMS e107 v.2 alpha2  
Advisory ID: SROEADV-2014-04  
Author: Steffen Rösemann  
Affected Software: CMS e107 v.2 alpha2 (Release-Date: 08th-Jun-2014)  
Vendor URL: http://e107.org  
Vendor Status: solved  
CVE-ID: -  
  
==========================  
Vulnerability Description:  
==========================  
  
The Content Management System e107 v.2 alpha2 allows an attacker to become  
an administrative user (without rights) when tricking the admin into  
executing a CSRF-vulnerable URL including the attackers user-id.  
  
==================  
Technical Details:  
==================  
  
The administrative backend of e107 v.2 alpha2 provides the functionality to  
put a user instant in the administrators group by using the following url  
when the administrator is already logged in:  
  
http://{DOMAIN/HOSTNAME}/e107_admin/users.php?mode=main&action=admin&id={ID}  
  
An attacker could try to abuse this in convincing the admin to execute a  
link which contains the id of the attackers user-account or trick him to go  
on a page the attacker controls where this URL is opened (e.g. in a hidden  
iframe) while the admin is logged in.  
  
The attacker knows his own id because it is shown on his user profile:  
  
http://{DOMAIN/HOSTNAME}/user.php?id.{ID}  
  
Although the attacker would not instant gain any rights it is a security  
issue.  
  
Combined with clickjacking and/or other social engineering attacks this  
issue could be expanded to gain such elevated rights.  
  
=========  
Solution:  
=========  
  
Install the latest patch from the github repository (see below).  
  
  
====================  
Disclosure Timeline:  
====================  
22-Dec-2014 – found the vulnerability  
22-Dec-2014 - informed the developers  
26-Dec-2014 – release date of this security advisory [without technical  
details]  
27-Dec-2014 – vendor responded and provided a patch  
28-Dec-2014 – release date of this security advisory  
28-Dec-2014 – post on Bugtraq / FullDisclosure  
  
========  
Credits:  
========  
  
Vulnerability found and advisory written by Steffen Rösemann.  
  
===========  
References:  
===========  
  
http://e107.org  
https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080  
http://sroesemann.blogspot.de  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
28 Dec 2014 00:00Current
0.7Low risk
Vulners AI Score0.7
e107 cmscross site request forgerycsrf vulnerabilitysteffen rösemannadministrative userpatch installationdisclosure timelinegithub repositorybugtraqclickjackingsocial engineering
58