CVE-2017-8098

Name of the Vulnerable Software and Affected Versions e107 version 2.1.4

Description The issue allows a malicious web page to use forged requests to make e107 download and install a plug-in provided by the attacker, due to cross-site request forgery in plugin-installing, meta-changing, and settings-changing.

Recommendations For version 2.1.4, consider disabling the plugin-installing feature until a patch is available to prevent exploitation. Restrict access to meta-changing and settings-changing functionalities to minimize the risk of cross-site request forgery attacks.