CVE-2010-5084 Information
Feb 14, 2021
Description
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php.
Reference
http://e107.org/comment.php?comment.news.872
http://secunia.com/advisories/41034
http://www.madirish.net/?article=471
http://www.securitytracker.com/id?1024351