Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.9 views

CVE-2026-8432

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 9:26 p.m.8 views

CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

2.3CVSS5.8AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 9:26 p.m.34 views

CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

2.3CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:26 p.m.27 views

CVE-2026-8432

Concrete CMS versions prior to 9.5.0 are affected by a Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/backend/file star(), due to a flaw in the star() function. Affected range includes 9.0.0 through 9.4.x. The issue is exploited by convincing an authenticated user to perfo...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder