PT-2015-4222 · E107

Published 2015-01-02 · Updated 2015-01-14 · CVE-2014-9459

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: e107 version 2.0 alpha2
Description: A cross-site request forgery (CSRF) issue exists in the AdminObserver function. It allows a remote attacker to hijack an administrator's authenticated session for requests that add users to the administrator group; the target user is selected via the id parameter of an admin action.
Recommendations: For e107 version 2.0 alpha2, consider disabling the AdminObserver function until a patch is available, to prevent exploitation of this issue. Restrict access to admin actions that use the id parameter, to minimize the risk of unauthorized additions to the administrator group.
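The weakness above is the classic CSRF pattern: a state-changing admin action that is authorized by the session cookie alone, so a request forged from another site is indistinguishable from a legitimate one. The following PHP example is added here to illustrate the standard mitigation (a per-session synchronizer token validated on every state-changing admin request); it is not e107's code, and every function and parameter name in it (`promote_user_vulnerable`, `promote_user_hardened`, `$add_to_admin_group`, `csrf_token`) is an assumption for illustration.

```php
<?php
// Added example, not e107 code: synchronizer-token CSRF protection for an
// admin action that takes an "id" parameter. All names are hypothetical.

session_start();

// Issue (or reuse) a per-session CSRF token. Call this when rendering the
// admin form and embed the value in a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Validate a submitted token against the session copy in constant time.
function csrf_check(?string $submitted): bool
{
    if (!isset($_SESSION['csrf_token']) || !is_string($submitted)) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Vulnerable pattern (the shape described in the advisory): an authenticated
// admin session plus an "id" parameter is all that is required, so a request
// triggered from a third-party page is accepted like a genuine one.
function promote_user_vulnerable(array $request, callable $add_to_admin_group): void
{
    if (empty($_SESSION['is_admin'])) {
        http_response_code(403);
        return;
    }
    $add_to_admin_group((int) ($request['id'] ?? 0));
}

// Hardened pattern: require POST, require a valid same-session token,
// reject cross-origin requests when the browser sends an Origin header,
// and validate the id before acting on it. Returns true only when the
// action was actually performed.
function promote_user_hardened(
    array $request,
    string $method,
    ?string $origin,
    string $expected_origin,
    callable $add_to_admin_group
): bool {
    if (empty($_SESSION['is_admin']) || $method !== 'POST') {
        http_response_code(403);
        return false;
    }
    // Origin is a defence in depth: browsers set it on cross-site POSTs.
    if ($origin !== null && $origin !== $expected_origin) {
        http_response_code(403);
        return false;
    }
    if (!csrf_check($request['csrf_token'] ?? null)) {
        http_response_code(403);
        return false;
    }
    $id = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || $id <= 0) {
        http_response_code(400);
        return false;
    }
    $add_to_admin_group($id);
    return true;
}

// Form rendering (hypothetical template fragment):
// <input type="hidden" name="csrf_token"
//        value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
```

A request that arrives without the hidden token, or with a token that does not match the one stored in the victim's session, is refused before the privilege change happens, which removes the forgery vector even when the attacker can make the admin's browser issue the request. Pairing the token with a POST-only rule and an Origin check covers the cases where a token is accidentally leaked via a GET URL or referrer.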

Fix

CSRF


Weakness Enumeration

Related Identifiers: CVE-2014-9459

Affected Products: E107