CVE-2010-5084

CVSS V2 Medium 6 CVSS V3 None

Description

The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.

Overview

CVE ID
CVE-2010-5084

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2012-02-14T20:55:02

Last Modified Date
2012-02-15T05:00:00

Weakness Enumerations

CWE	URL
CWE-352	http://cwe.mitre.org/data/definitions/352.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:e107:e107::::::::	1	OR	0.7.22
cpe:2.3:a:e107:e107:0.6_10:::::::*	1	OR
cpe:2.3:a:e107:e107:0.6_11:::::::*	1	OR
cpe:2.3:a:e107:e107:0.6_12:::::::*	1	OR
cpe:2.3:a:e107:e107:0.6_13:::::::*	1	OR
cpe:2.3:a:e107:e107:0.6_14:::::::*	1	OR
cpe:2.3:a:e107:e107:0.6_15:::::::*	1	OR
cpe:2.3:a:e107:e107:0.6_15a:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.0:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.1:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.2:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.3:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.4:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.5:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.6:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.7:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.8:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.9:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.10:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.11:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.12:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.13:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.14:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.15:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.16:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.17:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.18:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.19:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.20:::::::*	1	OR
cpe:2.3:a:e107:e107:0.7.21:::::::*	1	OR
cpe:2.3:a:e107:e107:0.545:::::::*	1	OR
cpe:2.3:a:e107:e107:0.547:beta::::::	1	OR
cpe:2.3:a:e107:e107:0.548:beta::::::	1	OR
cpe:2.3:a:e107:e107:0.549:beta::::::	1	OR
cpe:2.3:a:e107:e107:0.551:beta::::::	1	OR
cpe:2.3:a:e107:e107:0.552:beta::::::	1	OR
cpe:2.3:a:e107:e107:0.553:beta::::::	1	OR
cpe:2.3:a:e107:e107:0.554:::::::*	1	OR
cpe:2.3:a:e107:e107:0.554:beta::::::	1	OR
cpe:2.3:a:e107:e107:0.555:beta::::::	1	OR
cpe:2.3:a:e107:e107:0.600:::::::*	1	OR
cpe:2.3:a:e107:e107:0.601:::::::*	1	OR
cpe:2.3:a:e107:e107:0.602:::::::*	1	OR
cpe:2.3:a:e107:e107:0.603:::::::*	1	OR
cpe:2.3:a:e107:e107:0.604:::::::*	1	OR
cpe:2.3:a:e107:e107:0.605:::::::*	1	OR
cpe:2.3:a:e107:e107:0.606:::::::*	1	OR
cpe:2.3:a:e107:e107:0.607:::::::*	1	OR
cpe:2.3:a:e107:e107:0.608:::::::*	1	OR
cpe:2.3:a:e107:e107:0.609:::::::*	1	OR
cpe:2.3:a:e107:e107:0.610:::::::*	1	OR
cpe:2.3:a:e107:e107:0.611:::::::*	1	OR
cpe:2.3:a:e107:e107:0.612:::::::*	1	OR
cpe:2.3:a:e107:e107:0.613:::::::*	1	OR
cpe:2.3:a:e107:e107:0.614:::::::*	1	OR
cpe:2.3:a:e107:e107:0.615:::::::*	1	OR
cpe:2.3:a:e107:e107:0.615a:::::::*	1	OR
cpe:2.3:a:e107:e107:0.616:::::::*	1	OR
cpe:2.3:a:e107:e107:0.617:::::::*	1	OR
cpe:2.3:a:e107:e107:0.6171:::::::*	1	OR
cpe:2.3:a:e107:e107:0.6172:::::::*	1	OR
cpe:2.3:a:e107:e107:0.6173:::::::*	1	OR
cpe:2.3:a:e107:e107:0.6174:::::::*	1	OR
cpe:2.3:a:e107:e107:0.6175:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
SINGLE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
6

Severity
MEDIUM

Exploitability Score
6.8

Impact Score
6.4

References

Reference URL	Reference Tags
http://secunia.com/advisories/41034	Vendor Advisory
http://www.madirish.net/?article=471
http://www.securitytracker.com/id?1024351
http://e107.org/comment.php?comment.news.872

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2010-5084
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5084

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 10:56:18				Added to TrackCVE