CVE-2018-15901
The CVE-2018-15901 entry concerns e107 2.1.8, where a CSRF flaw in usersettings.php allows altering user details, including administrator passwords. The vulnerability’s root cause is improper CSRF protection in the usersettings.php workflow, enabling unauthorized changes without user interaction....