CVE-2017-1000008

Name of the Vulnerable Software and Affected Versions Chyrp Lite version 2016.04

Description The issue allows attackers to hijack the authentication of logged-in users, enabling them to modify account information, including passwords, through a CSRF in the user settings function.

Recommendations For Chyrp Lite version 2016.04, consider disabling the user settings function temporarily to prevent exploitation until a fix is available. Restrict access to the user settings module to minimize the risk of account information modification. Avoid using the vulnerable function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.