Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OctoberCMS 跨站请求伪造漏洞
Vulnerability Description
OctoberCMS是加拿大软件开发者Alexey Bobkov和澳大利亚软件开发者Samuel Georges共同研发的一套开源的、自托管的建立在Laravel PHP框架基础上的内容管理系统(CMS)。 OctoberCMS 1.0.426(又名Build 426)版本中存在跨站请求伪造漏洞,该漏洞源于程序在处理postback时没有正确的验证跨站请求伪造令牌。远程攻击者可借助certain _handler postback变量利用该漏洞绕过保护机制,控制用户账户。
CVSS Information
N/A
Vulnerability Type
N/A