Lucene search
GoogleOSV:GHSA-VM6R-4P4V-232XHistoryMay 13, 2022 - 1:24 a.m.
October CMS CSRF
2022-05-1301:24:46
Google
osv.dev
4
0.002 Low
EPSS
Percentile
57.4%
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim’s account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
Related
exploitpack
exploitpack
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
2017-11-01 00:00:00
cve
cve
CVE-2017-16244
2017-11-01 01:29:00
cvelist
cvelist
CVE-2017-16244
2017-11-01 01:00:00
nvd
nvd
CVE-2017-16244
2017-11-01 01:29:00
veracode
veracode
Cross-site Request Forgery (CSRF) Bypass
2017-11-01 06:39:28
osv
osv
CVE-2017-16244
2017-11-01 01:29:00
packetstorm
packetstorm
OctoberCMS 1.0.426 (Build 426) Cross Site Request Forgery
2017-11-02 00:00:00
zdt
zdt
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery Vulnerability
2017-11-01 00:00:00
prion
prion
Cross site request forgery (csrf)
2017-11-01 01:29:00
github
github
October CMS CSRF
2022-05-13 01:24:46
exploitdb
exploitdb
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
2017-11-01 00:00:00