4 matches found
CVE-2012-6434
Multiple cross-site request forgery CSRF vulnerabilities in e107admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the 1 downloadurl, 2 downloadurlextended, 3 downloadauthoremail, 4...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in e107admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the 1 downloadurl, 2 downloadurlextended, 3 downloadauthoremail, 4...
CVE-2012-6434
Multiple cross-site request forgery CSRF vulnerabilities in e107admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the 1 downloadurl, 2 downloadurlextended, 3 downloadauthoremail, 4...
CVE-2012-6434
CVE-2012-6434 affects e107 1.0.2: CSRF in e107_admin/download.php enables an attacker to hijack administrator sessions and perform SQL injection via parameters such as download_url, download_url_extended, download_author_email, download_author_website, download_image, download_thumb, download_vis...