PT-2026-43269 · E107 · E107
Mrknight-N1Du
·
Published
2026-05-26
·
Updated
2026-05-26
·
CVE-2026-46620
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
e107 versions prior to 2.3.5
Description
e107 is a content management system (CMS) that fails to properly enforce Cross-Site Request Forgery (CSRF) token validation on comment moderation actions. The issue occurs within the session handler's check() function, which validates the CSRF token only when one is present in the request. If the token parameter is omitted entirely, the check is skipped and the state-changing request is processed as if it had passed. An attacker who lures an authenticated moderator to a crafted page can therefore trigger moderation actions on the moderator's behalf, and because the check fails open, the forged request does not need to carry a token at all. This affects the 'comment.php' moderation endpoints.
Recommendations
Update to version 2.3.5.
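The fail-open pattern the description refers to, reduced to its essence, next to a fail-closed version. This is an added illustration written for this page, not e107's own session-handler code; the function names are hypothetical, the `e-token` parameter name is an assumption about the request field, and the three sample requests are constructed.

```php
<?php
// Added illustration, not e107 code. Function names are hypothetical.
// Assumption: the CSRF token travels in a request field named 'e-token'.

// Fail-open check (the class of bug described in the advisory):
// the token is compared only when it is present; a missing token is accepted.
function csrf_check_fail_open(array $request, string $expected): bool
{
    if (isset($request['e-token'])) {
        return hash_equals($expected, (string) $request['e-token']);
    }
    // No token at all: validation is skipped and the request goes through.
    return true;
}

// Fail-closed check: absence of the token is a failed check, and a present
// token is compared in constant time against the value bound to the session.
function csrf_check_fail_closed(array $request, string $expected): bool
{
    if (!isset($request['e-token']) || !is_string($request['e-token'])) {
        return false;
    }
    return hash_equals($expected, $request['e-token']);
}

// Constructed sample: the token the victim's session expects, and three
// moderation requests hitting the same state-changing action.
$expected = bin2hex(random_bytes(16));
$legit  = ['e-token' => $expected, 'action' => 'approve', 'comment_id' => 42];
$bad    = ['e-token' => 'not-the-token', 'action' => 'approve', 'comment_id' => 42];
$forged = ['action' => 'approve', 'comment_id' => 42]; // cross-site form simply omits the field

foreach (['legit' => $legit, 'bad token' => $bad, 'no token' => $forged] as $label => $req) {
    printf(
        "%-10s fail-open: %-6s fail-closed: %s\n",
        $label,
        csrf_check_fail_open($req, $expected) ? 'accept' : 'reject',
        csrf_check_fail_closed($req, $expected) ? 'accept' : 'reject'
    );
}
```

The "no token" row is the one that matters: the fail-open check accepts it, the fail-closed check rejects it. When reviewing any CSRF middleware, the test case to add is a request with the token field absent, not just one with a wrong value.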
Exploit
Fix
CSRF
Improper Authorization
Related Identifiers
Affected Products
E107