CVE-2017-7178

High

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes…

mitre·CWE-352·Published 2017-03-18

CVSS

8.8

EPSS

0.04

KEV

Exploits

cve.orgen

259 chars

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.

NVDen

259 chars

NVDes

320 chars

CSRF ha sido descubierto en la interfaz web de usuario en Deluge en versiones anteriores a 1.3.14. La metodología de explotación implica (1) alojamiento de un plugin manipulado que ejecuta un programa arbitrario desde el archivo __init__.py y (2) provocando que la victima descargue, instale y habilite este complemento.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H