PT-2017-18109 · Concrete5 · Concrete5

Published: 2017-04-24 · Updated: 2021-07-15 · CVE-2017-8082

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

concrete5 version 8.1.0

Description

The issue allows remote attackers to disable the entire installation by tricking an admin into viewing a malicious page involving the "/tools/required/files/importers/imageeditor?fID=1&imgData=" URI, resulting in a site-wide denial of service. The site becomes inaccessible to all users and administrators. The fID and imgData variables are involved in the exploitation.

Recommendations

For concrete5 version 8.1.0, as a temporary workaround, consider restricting access to the Thumbnail Editor in the File Manager to minimize the risk of exploitation. Avoid using the fID and imgData variables in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
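
While the workaround is in place, web server logs can be reviewed for requests to the affected endpoint. The following is an added example, not part of the original advisory or of concrete5: it assumes the Apache/nginx "combined" log format, and the host name `www.example.org` and all sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the web server writes the Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)
# Path taken from the advisory; a prefix such as /index.php is tolerated.
ENDPOINT = "/tools/required/files/importers/imageeditor"

def find_imageeditor_hits(lines, site_host):
    """Return one dict per logged request to the endpoint with fID and imgData."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        params = parse_qs(url.query, keep_blank_values=True)
        if not url.path.rstrip("/").endswith(ENDPOINT):
            continue
        if "fID" not in params or "imgData" not in params:
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": int(m["status"]),
            "referer": m["referer"],
            # Missing or foreign Referer: the request did not come from the
            # site's own pages, which is how a cross-site trigger appears.
            "cross_site": ref_host != site_host.lower(),
        })
    return hits

# Constructed sample log lines (not from a real server).
SAMPLE = [
    '203.0.113.7 - - [24/Apr/2017:10:01:12 +0000] "GET /index.php' + ENDPOINT +
    '?fID=1&imgData= HTTP/1.1" 200 512 "http://forum.example.net/t/42" "Mozilla/5.0"',
    '198.51.100.9 - - [24/Apr/2017:10:05:40 +0000] "POST /index.php' + ENDPOINT +
    '?fID=7&imgData=x HTTP/1.1" 200 64 "https://www.example.org/dashboard" "Mozilla/5.0"',
    '198.51.100.9 - - [24/Apr/2017:10:06:02 +0000] "GET /index.php/dashboard '
    'HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_imageeditor_hits(SAMPLE, "www.example.org"):
        print(hit)
```

Entries with `cross_site` set to true are the ones to review first, since the advisory describes the request being triggered from a page outside the site.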

Exploit

DoS

CSRF

Weakness Enumeration

Related Identifiers

CVE-2017-8082

Affected Products

Concrete5