What is CVE-2017-16244?

CVE-2017-16244 is a high-severity vulnerability in Octobercms October, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2017-11-01.

How severe is CVE-2017-16244?

High severity. CVSS v3 base score is 8.8 out of 10.

CSRF in Octobercms October

CVE-2017-16244

Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.004 (61.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Octobercms October — versions 1.0.426
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory)
cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2017-16244?: CVE-2017-16244 is a high-severity vulnerability in Octobercms October, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2017-11-01.
How severe is CVE-2017-16244?: High severity. CVSS v3 base score is 8.8 out of 10.