CVE-2018-15901

Name of the Vulnerable Software and Affected Versions e107 version 2.1.8

Description The issue allows for Cross-Site Request Forgery (CSRF) attacks in the 'usersettings.php' file, enabling an attacker to change user details, including passwords, for all users, including administrators.

Recommendations For e107 version 2.1.8, consider implementing CSRF protection mechanisms, such as tokens, to prevent unauthorized changes to user settings, including passwords, until a patch is available. As a temporary workaround, restrict access to the 'usersettings.php' file to minimize the risk of exploitation.