CVE-2014-9459: CSRF
First published: Fri Jan 02 2015(Updated: )
Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| e107 CMS | =2.0-alpha2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-9459?
CVE-2014-9459 is classified as a high severity vulnerability due to its potential to allow remote attackers to hijack administrator authentication.
How do I fix CVE-2014-9459?
To fix CVE-2014-9459, it is recommended to update e107 CMS to a version that does not contain this vulnerability.
What type of vulnerability is CVE-2014-9459?
CVE-2014-9459 is a cross-site request forgery (CSRF) vulnerability.
Which software is affected by CVE-2014-9459?
CVE-2014-9459 specifically affects e107 version 2.0 alpha2.
What is the impact of CVE-2014-9459?
The impact of CVE-2014-9459 allows attackers to add unauthorized users to the administrator group.
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/softwarecombine
- agent/description
- agent/event
- vendor/e107
- canonical/e107 cms
- version/e107 cms/2.0-alpha2