CVE-2010-5084

Name of the Vulnerable Software and Affected Versions e107 versions prior to 0.7.23

Description The issue concerns a predictable random token used in the cross-site request forgery (CSRF) protection mechanism. This allows remote attackers to hijack the authentication of administrators for requests that add new users via the "e107 admin/users.php" endpoint.

Recommendations For versions prior to 0.7.23, update to version 0.7.23 or later to resolve the issue.