2 matches found
CVE-2018-17081
The entries confirm a CSRF vulnerability in e107 2.1.9 that allows an attacker to change the title of an arbitrary page via the request to e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id=. The issue is triggered by an inline CSRF path in the CMS’s admin interface, potentially enabling ...
CVE-2018-17081
e107 2.1.9 allows CSRF via e107admin/wmessage.php?mode=&action=inline&ajaxused=1&id= for changing the title of an arbitrary page...