CVE-2017-8098

Published: Apr 24, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.

Affected (1)

Products: E107: E107

E107

1 product

E107

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
E107 E107	Version 2.1.4

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://seclists.org/fulldisclosure/2017/Apr/40

Source: cve@mitre.org

PatchThird Party AdvisoryVDB Entry

https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5

Source: cve@mitre.org

PatchThird Party Advisory

http://seclists.org/fulldisclosure/2017/Apr/40

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVDB Entry

https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.