OctoberCMS is vulnerable to cross-site request forgery (CSRF). The library does not properly validate CSRF tokens in the `_handler`
postback variable, allowing a malicious user to conduct a CSRF attack and authenticate as another user.
CPE

Name | Operator | Version
---|---|---
october/cms | le | 1.0.425
october/october | le | 1.0.425
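
To check a deployment against the table above, the following added example (not part of the advisory or of OctoberCMS) reads a Composer `composer.lock` file and flags the two listed packages at or below 1.0.425. The function names, the status labels and the sample lock content are assumptions constructed for illustration.

```python
import json
import re

# Upper bounds from the advisory table (operator "le" = less than or equal).
AFFECTED_MAX = {"october/cms": (1, 0, 425), "october/october": (1, 0, 425)}

def parse_version(raw):
    """Turn '1.0.425' or 'v1.0.425' into a tuple; None for branch names like 'dev-develop'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def audit_lock(lock_text):
    """Return (name, locked_version, status) for each advisory package in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:  # a section may be missing or null
            name = pkg.get("name", "").lower()
            if name not in AFFECTED_MAX:
                continue
            raw = pkg.get("version", "")
            parsed = parse_version(raw)
            if parsed is None:
                status = "unknown"  # branch alias or odd format: review by hand
            elif parsed <= AFFECTED_MAX[name]:
                status = "affected"
            else:
                status = "outside listed range"
            findings.append((name, raw, status))
    return findings

# Constructed sample lock file; the versions below are illustrative only.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "october/cms", "version": "v1.0.420"},
        {"name": "laravel/framework", "version": "v5.5.40"},
    ],
    "packages-dev": [
        {"name": "october/october", "version": "dev-develop"},
    ],
})

if __name__ == "__main__":
    for name, version, status in audit_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {status}")
```

A status of "unknown" means the locked version is a branch alias that cannot be compared numerically, so the installed build has to be confirmed another way.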