Predictable Random Token Vulnerability in e107 CSRF Protection
CVE-2010-5084 · MEDIUM Severity
AV:N/AC:M/AU:S/C:P/I:P/A:P
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
Learn more about our User Device Pen Test.