HomePentest-Tools.com Logo

Concrete5 Header Injection and CSRF Vulnerability CVE-2017-7725CVE-2017-8082

Severity
CVSSv3 Score
6.5
Vulnerability description

Concrete5 CMS is prone to a header injection and CSRF vulnerability.

Risk description

Multiple flaws exist because: - Concrete5 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a canonical URL on installation of Concrete5 using the Advanced Options settings. Remote attackers can make a GET request with any domain name in the Host header. This is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector. - Concrete5s Thumbnail Editor in the File Manager is vulnerable to CSRF, which allows remote attackers to disable the entire installation of Concrete5, by merely tricking an admin view a malicious page. This results in a site-wide denial of service meaning neither the admin OR any of the website users can access the site.

Recommendation

No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 13, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available