Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2017-16244
HistoryNov 01, 2017 - 1:00 a.m.

CVE-2017-16244

2017-11-0101:00:00
mitre
www.cve.org

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.4%

JSON

Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim’s account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.

Related

cve 1
nvd 1
exploitpack 1
osv 2
veracode 1
packetstorm 1
zdt 1
prion 1
github 1
exploitdb 1
cve
cve
CVE-2017-16244
2017-11-01 01:29:00
nvd
nvd
CVE-2017-16244
2017-11-01 01:29:00
exploitpack
exploitpack
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
2017-11-01 00:00:00
osv
osv
October CMS CSRF
2022-05-13 01:24:46
CVE-2017-16244
2017-11-01 01:29:00
veracode
veracode
Cross-site Request Forgery (CSRF) Bypass
2017-11-01 06:39:28
packetstorm
packetstorm
OctoberCMS 1.0.426 (Build 426) Cross Site Request Forgery
2017-11-02 00:00:00
zdt
zdt
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery Vulnerability
2017-11-01 00:00:00
prion
prion
Cross site request forgery (csrf)
2017-11-01 01:29:00
github
github
October CMS CSRF
2022-05-13 01:24:46
exploitdb
exploitdb
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
2017-11-01 00:00:00

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.4%

JSON
Related for CVELIST:CVE-2017-16244
cve1nvd1exploitpack1osv2veracode1packetstorm1zdt1prion1github1exploitdb1