PT-2017-12104 · Cesanta · Mongoose Web Server

Hyp3Rlinx · Published 2017-09-07 · Updated 2017-09-18 · CVE-2017-11567

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Mongoose Web Server versions prior to 6.9

Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of a logged-in user for requests that modify Mongoose.conf via a request to "mg_admin?save". Because the forged request rewrites the server configuration, this can be leveraged to execute arbitrary code remotely.

Recommendations: For versions prior to 6.9, update to version 6.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the "mg_admin?save" request to minimize the risk of exploitation.

Exploit · Fix · CSRF


Weakness Enumeration

Related Identifiers: CVE-2017-11567

Affected Products: Mongoose Web Server