Concrete CMS 9 przed wersją 9.5.0 jest podatny na Cross Site Request Forgery (CSRF) w `concrete/controllers/dialog/page/bulk/cache`. Zespół bezpieczeństwa Concrete CMS przyznał tej podatności wynik CVSS v4.0 wynoszący 2.3 z wektorem CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N.
▸ Pokaż oryginał (EN)
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Drori (Tenzai) for reporting.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XConcretecms Concrete Cms
APPConcretecms9.0.0 – 9.5.1 (bez)
Powiązane podatności
Concrete CMS – path traversal i RCE przez nieautoryzowane dołączanie plików
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created ...
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/u...
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute cod...
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation enc...