Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
concrete5 Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2017-8082 - Vulnerability Database
concrete5

concrete5 Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2017-8082

Medium
Reference: CVE-2017-8082
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-8082
Title: concrete5 Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditorfID1ampimgData URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.