HIO-2009-0305 e107 Multiple e107_admin CSRF & XSS Vulnerabilities

e107, a content management system written in PHP that uses the MySQL database system for content storage, exhibits cross-site request forgery and cross-site scripting vulnerabilities.

The CSRF vulnerability exists because the /e107_admin/*.php scripts perform certain actions via HTTP requests without any validation to verify the requests. This includes the ability to create or delete accounts by tricking an administrative user into visiting a malicious web site.

The XSS vulnerabilities are as follows:
1) Input passed to the "userclass_name" and "userclass_description" parameters in e107_admin/userclass2.php is not properly sanitised before being used.
2) Input passed to the "meta_copyright" parameter in e107_admin/meta.php is not properly sanitised before being used.
3) Input passed to all parameters in e107_admin/notify.php is not properly sanitised before being used.
4) Input passed to the "multilanguage_subdomain" parameter in e107_admin/language.php is not properly sanitised before being used.

These vulnerabilities can be exploited to insert arbitrary HTML and script code, which may be executed in a user's browser session in the context of an affected site if the malicious user class is viewed.
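
The two controls these findings call for, as an added PHP example (not e107 code and not a vendor patch): a per-session token check before a state-changing admin request is honoured, and HTML encoding of stored fields such as "userclass_name" on output. All function names and the sample request data are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not e107 code. Function names are hypothetical.
declare(strict_types=1);

/** Create a fresh anti-CSRF token to store in the admin's session. */
function admin_new_csrf_token(): string
{
    return bin2hex(random_bytes(32));
}

/** Accept only a POST that carries the token stored in the session. */
function admin_request_is_valid(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // state changes must never ride on GET
    }
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($expected) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $sent); // constant-time comparison
}

/** Encode a stored value for HTML element or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data: one session, one cross-site post, one genuine post.
$session = ['csrf_token' => admin_new_csrf_token()];
$server  = ['REQUEST_METHOD' => 'POST'];
$forged  = ['userclass_name' => 'Members', 'userclass_description' => 'All users'];
$genuine = $forged + ['csrf_token' => $session['csrf_token']];

// The forged post lacks the token, so the handler must refuse it.
var_dump(admin_request_is_valid($server, $forged, $session));
var_dump(admin_request_is_valid($server, $genuine, $session));

// A stored class name containing markup is rendered as inert text.
echo h('<i>Members</i> & "guests"'), PHP_EOL;
```

The token has to be embedded as a hidden "csrf_token" field in every admin form, and the encoding applied wherever the stored values are written into a page, not only when they are saved.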

References:

CVE-2009-pending

BID:

FrSIRT: N/A

Nessus: N/A

OSVDB: 52857, 52856, 52855, 52854, 52853

SA: 34169

XF: 49451, 49450

Related: 

Vendor Solution: None available


 