漏洞类别:CGI
漏洞等级: 
漏洞信息
concrete5 is an open source content management system (CMS) for publishing content on the World Wide Web and intranets.
concrete5 contains a cross-site request forgery vulnerability in the Thumbnail Editor, that is implemented in the File Manager. This could allow unauthenticated, remote attackers to disable the entire installation by merely tricking an administrator into viewing a malicious page involving the /tools/required/files/importers/imageeditor source page and the imgData parameter. This results in a site-wide denial of service making the site not accessible to any users or any administrators.
Affected Versions:
concrete5 versions 8.1.0 and prior
QID Detection Logic:
This QID depends on BlindElephant engine to detect the version of the concrete5 installation as active attacks could potentially harm live installations.
漏洞危害
Successful exploitation allows an unauthenticated, remote attacker to cause a denial-of-service condition on the targeted system.
解决方案
N/A
Workaround:
Customers are advised to contact the vendor for updates pertaining to this vulnerability.
0day
文章评论