Cross-Site Request Forgery (CSRF) in e107inc/e107Valid
Dec 25th 2021
Hi there, there is a Cross-Site Request Forgery in e107 that allows an attacker to force an admin user to repair a plugin.
Proof of Concept
- Install e107 on your system
- Log in as administrator
- Copy this link and paste it into your browser:
- Now the plugin banner is repaired.
This vulnerability is capable of allowing an attacker to force an admin user to repair a plugin.