Zain Sabahat

**Name of the Vulnerable Software and Affected Versions** OctoberCMS version 1.0.426 **Description** The issue is related to Cross-Site Request Forgery, which occurs due to improper validation of CSRF tokens for postback handling. This allows an attacker to take over the victim's account by bypassing a protection mechanism that involves X-CSRF headers and CSRF tokens via a certain ` handler` postback variable. **Recommendations** For OctoberCMS version 1.0.426, consider disabling the postback handling feature until a patch is available, or restrict access to the ` handler` postback variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.