Advisory
Security Advisory – Cross Site Request Forgery in Chyrp Lite
Product: Chyrp Lite Vendor: Open source community Version: 2016.04 “Lago” and earlier Category: Cross site request forgery (CSRF) Vendor Notified: 2017-01-05 Patched: 2017-01-06 Disclosed: 2017-03-06 Researcher(s): Carl Pearson CVE: CVE-2017-1000008 Summary A cross-site request forgery (CSRF) vulnerability exists in the user properites function of the Chyrp Lite blog engine. An Read more…