CVE-2017-8082
Last modified
CVE-2017-8082 is a vulnerability of currently unknown severity. concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.. EPSS estimates a 1.20% chance of exploitation in the next 30 days.
Description
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Concretecms | Concrete Cms | 8.1.0 |
References
- http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txtExploit, Third Party Advisory
- https://twitter.com/insecurity/status/856066923146215425Third Party Advisory
- http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txtExploit, Third Party Advisory
- https://twitter.com/insecurity/status/856066923146215425Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-8082?
How severe is CVE-2017-8082?
How do I fix CVE-2017-8082?
Are you affected by CVE-2017-8082?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST