CVE-2017-8082 Information
Feb 14, 2021
Description
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Reference
http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txt
https://drive.google.com/open?id=0B3vXUYdNMECWZTd3SFRnUjllWk0
https://twitter.com/insecurity/status/856066923146215425
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
6.5
Base Severity
MEDIUM