virus logo Intrusion Prevention

Magento.Vimeo.Invalid.Image.CSRF

description-logoDescription

This indicates an attack attempt against a Cross-Site Request-Forgery vulnerability in Magento.
The vulnerability is due to insufficient sanitization of user supplied inputs in the application. An attacker may exploit this to cause the server to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application.

affected-products-logoAffected Products

Magento 2.1.6 CE and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.defensecode.com/advisories/DC-2017-04-003_Magento_Arbitrary_File_Upload.pdf
ID 43984
Created May 10, 2017
Updated May 04, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Linux
Affected App PHP_app