Description

usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.

Remediation

References

CVE-2021-27885

Related Vulnerabilities

WordPress Plugin Fonts-Google Fonts Typography Cross-Site Scripting (3.0.2)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0813)

PHP Other Vulnerability (CVE-2007-1886)

PHP Use After Free Vulnerability (CVE-2016-6295)

WordPress Plugin Elementor Website Builder Security Bypass (2.9.5)

Severity

High

Classification

CVE-2021-27885 CWE-326 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities