4 matches found
EUVD-2026-31359
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
CVE-2026-2994
Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via the groupid parameter, which can lead to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...
PortlandLabs Concrete CMS Code Issue Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from the United States company PortlandLabs. An arbitrary file upload vulnerability exists in PortlandLabs Concrete CMS version v9.2.1, which stems from the application's lack of effective validation of uploaded...
PortlandLabs Concrete CMS Security Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from the United States company PortlandLabs. A security vulnerability exists in PortlandLabs Concrete CMS 8.5.5 and earlier, which stems from an "SVG Sanitizer" bypass issue with the program. No details of the...