Cross-Site Request Forgery (CSRF) in e107inc/e107

Valid

Reported on

Dec 30th 2021

Description

Hi there e107 team, there is another CSRF on your downloading plugins feature

Proof of Concept

  1. Install a local instance of e107.
  2. Log in as admin
  3. Access this link /e107/e107_admin/plugin.php?mode=online&action=download&src=cGx1Z2luX2lkPTk4NiZwbHVnaW5fZm9sZGVyPXNmcyZwbHVnaW5fcHJpY2U9JnBsdWdpbl9tb2RlPWFkZG9uJnBsdWdpbl91cmw9aHR0cHMlM0ElMkYlMkZlMTA3Lm9yZyUyRmUxMDdfcGx1Z2lucyUyRmFkZG9ucyUyRnJlcXVlc3QucGhwJTNGaWQlM0Q5ODY=
  4. See that the plug in Stop forum spam is downloaded and installed.

Impact

This vulnerability is capable of CSRF

We are processing your report and will contact the e107inc/e107 team within 24 hours. a year ago
M0rphling modified the report
a year ago
We have contacted a member of the e107inc/e107 team and are waiting to hear back a year ago
Cameron validated this vulnerability a year ago
M0rphling has been awarded the disclosure bounty
The fix bounty is now up for grabs
Cameron marked this as fixed in 2.3.2 with commit 7de11e a year ago
Cameron has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation