Lucene search
GoogleOSV:CVE-2017-16244HistoryNov 01, 2017 - 1:29 a.m.
CVE-2017-16244
2017-11-0101:29:00
Google
osv.dev
2
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim’s account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
Related
exploitpack
exploitpack
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
2017-11-01 00:00:00
osv
osv
October CMS CSRF
2022-05-13 01:24:46
cvelist
cvelist
CVE-2017-16244
2017-11-01 01:00:00
nvd
nvd
CVE-2017-16244
2017-11-01 01:29:00
veracode
veracode
Cross-site Request Forgery (CSRF) Bypass
2017-11-01 06:39:28
cve
cve
CVE-2017-16244
2017-11-01 01:29:00
packetstorm
packetstorm
OctoberCMS 1.0.426 (Build 426) Cross Site Request Forgery
2017-11-02 00:00:00
zdt
zdt
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery Vulnerability
2017-11-01 00:00:00
prion
prion
Cross site request forgery (csrf)
2017-11-01 01:29:00
github
github
October CMS CSRF
2022-05-13 01:24:46
exploitdb
exploitdb
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
2017-11-01 00:00:00