← back
CVE-2017-12970

CVE-2017-12970

EPSS 2.2%
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.htmlunverifiedcve_referencewww.exploit-db.com/exploits/42520/unverifiedexploitdbwww.exploit-db.com/exploits/42520unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txthttp://packetstormsecurity.com/files/143863/Apache2Triad-1.5.4-CSRF-XSS-Session-Fixation.htmlhttps://www.exploit-db.com/exploits/42520/http://www.securityfocus.com/bid/100447