E107 · E107 · CVE-2018-15901
**Name of the Vulnerable Software and Affected Versions**
e107 version 2.1.8
**Description**
A Cross-Site Request Forgery (CSRF) issue in the 'usersettings.php' file lets an attacker change the details, including the password, of any user, administrators included.
**Recommendations**
For e107 version 2.1.8, consider implementing CSRF protection mechanisms, such as tokens, to prevent unauthorized changes to user settings, including passwords, until a patch is available. As a temporary workaround, restrict access to the 'usersettings.php' file to minimize the risk of exploitation.
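
One way to implement the token check recommended above, as an added example that is not e107's own code: a per-session random token is embedded in the settings form and verified with a constant-time comparison before any change is applied. The function names and the `csrf_token` field name are assumptions, and plain arrays stand in for `$_SESSION` and `$_POST`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; none of these are e107 APIs.

/** Return the session's CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Hidden field to embed in the settings form. */
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

/** True only for a POST that carries the token stored in this session. */
function csrf_check(array $session, string $method, array $post): bool
{
    $expected  = $session['csrf_token'] ?? '';
    $submitted = $post['csrf_token'] ?? '';
    if ($method !== 'POST' || !is_string($expected) || $expected === ''
        || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed demonstration: arrays stand in for $_SESSION and $_POST.
$session = [];
echo csrf_field($session), PHP_EOL;

$withToken    = ['password' => 'new-secret', 'csrf_token' => $session['csrf_token']];
$withoutToken = ['password' => 'changed-elsewhere'];   // request built off-site
$wrongToken   = ['password' => 'x', 'csrf_token' => str_repeat('0', 64)];

var_dump(csrf_check($session, 'POST', $withToken));
var_dump(csrf_check($session, 'POST', $withoutToken));
var_dump(csrf_check($session, 'POST', $wrongToken));
var_dump(csrf_check($session, 'GET', $withToken));     // state changes only via POST
```

The settings handler would call `csrf_check` before touching any user field and reject the request when it returns false.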