CVE-2017-8082

Exploit

EPSS 0.53%
Veröffentlicht 24.04.2017 06:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Concretecms ≫ Concrete Cms Version8.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.667

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txt

Third Party Advisory

Exploit

https://drive.google.com/open?id=0B3vXUYdNMECWZTd3SFRnUjllWk0

Exploit

https://twitter.com/insecurity/status/856066923146215425

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-8082

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8082

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8082

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-8082