Cross-Site Request Forgery (CSRF) in e107inc/e107
Valid
Dec 25th 2021
Hi e107 team, I would like to report a CSRF in the e107 source code. It is in the install plugin feature.
Proof of Concept
- Install a local instance of e107
- Login as admin and access this link
- See that the plugin chatbox menu is installed.
This vulnerability is capable of CSRF
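
The following is an added illustration, not code from this report or from e107: it contrasts a plugin-install handler that acts on any authenticated GET request (the pattern the proof of concept relies on) with one that requires POST and a per-session token. All function names, parameter names, and the `chatbox_menu` value are hypothetical, and requests are modelled as plain arrays so the script runs offline.

```php
<?php
// Added illustration; not e107 code. All names below are hypothetical.

// Issue one random token per session; the admin page embeds it in its install form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Pattern the report describes: an authenticated GET alone changes state.
function install_plugin_unsafe(array $session, array $get): bool
{
    return !empty($session['is_admin']) && isset($get['plugin']);
}

// Hardened: POST only, plus a token that a third-party page cannot read.
function install_plugin_checked(array $session, string $method, array $post): bool
{
    if (empty($session['is_admin']) || $method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // hash_equals() compares in constant time; reject missing or non-string tokens first.
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return false;
    }
    return isset($post['plugin']) && is_string($post['plugin']);
}

// Constructed requests. A cross-site request carries the admin's session cookie
// but cannot include the session's token.
$session = ['is_admin' => true];
$token   = csrf_token($session);
$plugin  = 'chatbox_menu'; // constructed sample value

// Link followed by a logged-in admin, handled by the unsafe version.
var_dump(install_plugin_unsafe($session, ['plugin' => $plugin]));
// Same link against the hardened handler (wrong method, no token).
var_dump(install_plugin_checked($session, 'GET', []));
// Cross-site POST without the token.
var_dump(install_plugin_checked($session, 'POST', ['plugin' => $plugin]));
// Form submitted from the admin page itself, token included.
var_dump(install_plugin_checked($session, 'POST', ['plugin' => $plugin, 'csrf_token' => $token]));
```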