Description
concrete5 8.1.0 has a CSRF vulnerability in the Thumbnail Editor of the File Manager. A remote attacker can disable the entire installation merely by tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. The result is a site-wide denial of service: the site becomes inaccessible to all users and all administrators.
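A defender's check for the request described above, as an added example that is not part of the original advisory or of the concrete5 code base: it scans access-log lines for requests to the Thumbnail Editor URI whose Referer is another site or is missing. The combined log format, the host name cms.example, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named in the advisory.
EDITOR_PATH = "/tools/required/files/importers/imageeditor"

# Assumed combined log format: ip - - [ts] "METHOD target PROTO" status bytes "referer" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def classify(line, site_host):
    """Return None, 'no-referer' or 'cross-origin' for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Assumption: the route may carry a prefix such as /index.php, so match the suffix.
    if not url.path.endswith(EDITOR_PATH):
        return None
    # keep_blank_values: the advisory's URI has an empty imgData= parameter.
    params = parse_qs(url.query, keep_blank_values=True)
    if "fID" not in params or "imgData" not in params:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"  # cannot tell where the request came from
    ref_host = (urlsplit(referer).hostname or "").lower()
    return None if ref_host == site_host.lower() else "cross-origin"

def scan(lines, site_host):
    """Return (line_number, verdict) for every line worth an analyst's attention."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line, site_host)
        if verdict:
            hits.append((number, verdict))
    return hits

# Constructed sample log lines (not taken from a real server).
_P = '203.0.113.7 - - [10/Oct/2017:13:55:36 +0000] "GET /index.php'
_E = EDITOR_PATH + "?fID=1&imgData="
SAMPLE_LOG = [
    _P + _E + ' HTTP/1.1" 200 12 "https://other.example/page.html" "Mozilla/5.0"',
    _P + _E + ' HTTP/1.1" 200 12 "https://cms.example/index.php/dashboard" "Mozilla/5.0"',
    _P + '/dashboard HTTP/1.1" 200 512 "https://other.example/" "Mozilla/5.0"',
    _P + _E + ' HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]
```

A 'no-referer' hit is weaker evidence than 'cross-origin', since browsers and proxies can strip the header for legitimate reasons.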
Remediation
References