Description
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3329 Vulnerability (CVE-2017-3329)
Serendipity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3800)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2024-25605)
TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-3633)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2609)