31 Oct 2017
CVE-2017-16244 - CVE Vulnerability
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable. (CVSS:0.0) (Last Update:2017-10-31)
Publish Date: 2017-10-31. Last Update Date: 2017-10-31.
- Metasploit Modules Related To CVE-2017-16244: There are not any Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).