Lucene search
Veracode Vulnerability DatabaseVERACODE:5356HistoryNov 01, 2017 - 6:39 a.m.
Cross-site Request Forgery (CSRF) Bypass
2017-11-0106:39:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.002 Low
EPSS
Percentile
57.4%
OctoberCMS is vulnerable to cross-site request forgery (CSRF). The library does not properly validate CSRF Tokens in the _handler postback variable, allowing a malicious user to conduct a CSRF attack and authenticate as another user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| october/cms | le | 1.0.425 | |
| october/october | le | 1.0.425 |
Related
cve
cve
CVE-2017-16244
2017-11-01 01:29:00
cvelist
cvelist
CVE-2017-16244
2017-11-01 01:00:00
nvd
nvd
CVE-2017-16244
2017-11-01 01:29:00
exploitpack
exploitpack
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
2017-11-01 00:00:00
osv
osv
October CMS CSRF
2022-05-13 01:24:46
CVE-2017-16244
2017-11-01 01:29:00
packetstorm
packetstorm
OctoberCMS 1.0.426 (Build 426) Cross Site Request Forgery
2017-11-02 00:00:00
zdt
zdt
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery Vulnerability
2017-11-01 00:00:00
prion
prion
Cross site request forgery (csrf)
2017-11-01 01:29:00
github
github
October CMS CSRF
2022-05-13 01:24:46
exploitdb
exploitdb
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
2017-11-01 00:00:00