Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/03/05 7:51 a.m.4 views

CVE-2026-2994

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...

6.8CVSS5.9AI score0.00208EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/04 3:31 a.m.5 views

Concrete CMS vulnerable to Cross-Site Request Forgery (CSRF)

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team thanks z3rco for...

6.8CVSS5.9AI score0.00208EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/04 3:31 a.m.4 views

GHSA-6MXW-2VHF-42G5 Concrete CMS vulnerable to Cross-Site Request Forgery (CSRF)

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team thanks z3rco for...

2.3CVSS5.9AI score0.00208EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/04 3:31 a.m.7 views

EUVD-2026-9357

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...

6.8CVSS5.9AI score0.00208EPSS
Exploits1References3
OSV
OSV
added 2026/03/04 3:16 a.m.2 views

CVE-2026-2994

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...

6.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/03/04 3:16 a.m.6 views

CVE-2026-2994

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...

6.8CVSS0.00208EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/04 2:18 a.m.3 views

CVE-2026-2994

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...

2.3CVSS5.9AI score0.00208EPSS
Exploits1References3
CVE
CVE
added 2026/03/04 2:18 a.m.15 views

CVE-2026-2994

Concrete CMS versions prior to 9.4.8 are vulnerable to CSRF via the Anti-Spam Allowlist Group Configuration (group_id parameter). The root cause is that changes are saved before CSRF token validation, enabling a Rogue Administrator to bypass CSRF protections. Affected software: Concrete CMS

6.8CVSS5.9AI score0.00208EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/04 2:18 a.m.29 views

CVE-2026-2994 Concrete CMS below 9.4.8 is vulnerable to CSRF by a Rogue Admin using the Anti-Spam Allowlist Group

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...

2.3CVSS0.00208EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.7 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from cross-site request forgery involving the groupid parameter in the Anti-Spam Allowlist Group Configuration, which...

6.8CVSS5.7AI score0.00208EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.9 views

PT-2026-22864

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via group id parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabili...

2.3CVSS5.9AI score0.00208EPSS
Exploits1References3
Rows per page
Query Builder