Published: 01/11/2017 Updated: 03/08/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an malicious user to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
octobercms october 1.0.426

# Exploit Title: OctoberCMS 10426 - CSRF to Admin Account Takover # Vendor Homepage: octobercmscom # Software Link: octobercmscom/download # Exploit Author: Zain Sabahat # Website: aboutme/ZainSabahat # Category: webapps # CVE: CVE-2017-16244 1 Description Cross-Site Request Forgery exists in OctoberCMS 10426 (aka ...

OctoberCMS version 10426 (Build 426) suffers from a cross site request forgery vulnerability ...

CWE-352 https://github.com/octobercms/october/commit/4a6e0e1e0e2c3facebc17e0db38c5b4d4cb05bd0 https://www.exploit-db.com/exploits/43106/https://nvd.nist.gov https://www.exploit-db.com/exploits/43106/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-16244

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect