Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2011-4947
Last Modified 04 Sep 2012 12:00:00
Published 31 Aug 2012 06:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4947

Summary

Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.

Vulnerable Systems

Application

  • E107 0.7

  • E107 0.7.0

  • E107 0.7.1

  • E107 0.7.10

  • E107 0.7.11

  • E107 0.7.12

  • E107 0.7.13

  • E107 0.7.14

  • E107 0.7.15

  • E107 0.7.16

  • E107 0.7.17

  • E107 0.7.18

  • E107 0.7.19

  • E107 0.7.2

  • E107 0.7.20

  • E107 0.7.21

  • E107 0.7.22

  • E107 0.7.24

  • E107 0.7.26

  • E107 0.7.3

  • E107 0.7.4

  • E107 0.7.5

  • E107 0.7.6

  • E107 0.7.7

  • E107 0.7.8

  • E107 0.7.9


References

MISC - https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html

XF - e107-usersextended-xss(68062)

MLIST - [oss-security] 20120328 Re: CVE-request: e107 HTB23004

MLIST - [oss-security] 20120328 CVE-request: e107 HTB23004

CONFIRM - http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306

CONFIRM - http://e107.org/svn_changelog.php?version=0.7.26


Last Updated: 27 May 2016 11:00:26