CVE-2017-8082

concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:concretecms:concrete_cms:8.1.0:*:*:*:*:*:*:*

Information

Published : 2017-04-23 23:59

Updated : 2021-07-15 13:42


NVD link : CVE-2017-8082

Mitre link : CVE-2017-8082


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

concretecms

  • concrete_cms