CVE-2017-16244

Name of the Vulnerable Software and Affected Versions OctoberCMS version 1.0.426

Description The issue is related to Cross-Site Request Forgery, which occurs due to improper validation of CSRF tokens for postback handling. This allows an attacker to take over the victim's account by bypassing a protection mechanism that involves X-CSRF headers and CSRF tokens via a certain handler postback variable.

Recommendations For OctoberCMS version 1.0.426, consider disabling the postback handling feature until a patch is available, or restrict access to the handler postback variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.