Concrete CMS Cross Site Request Forgery (CSRF) vulnerability · CVE-2023-48651 · GitHub Advisory Database · GitHub

Concrete CMS Cross Site Request Forgery (CSRF) vulnerability

Moderate severity GitHub Reviewed Published Feb 29, 2024 to the GitHub Advisory Database • Updated Dec 16, 2024

Package

concrete5/concrete5 (Composer)

Affected versions

>= 9.0.0, < 9.2.3

Patched versions

9.2.3

Description

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.

References

Published by the National Vulnerability Database

Feb 29, 2024

Published to the GitHub Advisory Database Feb 29, 2024

Reviewed Feb 29, 2024

Last updated Dec 16, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N