E107 · E107 · CVE-2026-46620
**Name of the Vulnerable Software and Affected Versions**
e107 versions prior to 2.3.5
**Description**
e107 is a content management system (CMS) that fails to properly enforce Cross-Site Request Forgery (CSRF) token validation on comment moderation actions. The issue occurs within the `session handler::check()` function, which only validates the CSRF token if it is present in the request. If the token is completely missing, the validation check is skipped, allowing state-changing requests to be processed without authentication. This affects the 'comment.php' moderation endpoints.
**Recommendations**
Update to version 2.3.5.