Zurück zur CVE-Übersicht
CVE-2017-8082
MEDIUM(4.3)AV:N/AC:M/Au:N/C:N/I:N/A:P
Risk Signal Score11/100 — NIEDRIG
- CVSS 4.3 — Mittel
EPSS-Score
1%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
4.3
Technische Schwere
Beschreibung
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.
Referenzen
- http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txt
- https://drive.google.com/open?id=0B3vXUYdNMECWZTd3SFRnUjllWk0
- https://twitter.com/insecurity/status/856066923146215425
- http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txt
- https://drive.google.com/open?id=0B3vXUYdNMECWZTd3SFRnUjllWk0
- https://twitter.com/insecurity/status/856066923146215425