Lucene search
+L

4 matches found

osv
osv
added 2026/05/22 12:31 a.m.4 views

GHSA-P8P9-5953-H9JW Concrete CMS is vulnerable to IDOR in AddMessage/UpdateMessage

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS5.7AI score0.00288EPSS
Exploits0References3
euvd
euvd
added 2026/05/22 12:31 a.m.17 views

EUVD-2026-31360

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS5.7AI score0.00288EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/21 9:18 p.m.11 views

CVE-2026-7886

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS5.7AI score0.00288EPSS
Exploits0References2Affected Software1
osv
osv
added 2022/06/02 2:15 p.m.6 views

CVE-2021-44097

EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database...

9.8CVSS7.4AI score0.01378EPSS
Exploits1References2
Rows per page
Query Builder