CVE-2014-9459
Summary
| CVE | CVE-2014-9459 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-01-02 20:59:00 UTC |
| Updated | 2015-01-14 02:59:00 UTC |
| Description | Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. |
Risk And Classification
Problem Types: CWE-352
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| e107 2.0 Alpha2 Cross Site Request Forgery ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Full Disclosure: CSRF vulnerability in CMS e107 v.2 alpha2 | FULLDISC | seclists.org | |
| Added additional check prior to administrator status change. · 9249f89 · e107inc/e107 · GitHub | CONFIRM | github.com | |
| ITsec && other fun stuff: SROEADV-2014-04 | MISC | sroesemann.blogspot.de | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.