4 matches found

RedhatCVE
added yesterday | 4 views

CVE-2026-7882

Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protecti...

CVSS 4.3 | AI score 5.4 | EPSS 0.00021
Exploits: 0 | References: 1
CVE
added 2026/05/21 9:17 p.m. | 10 views

CVE-2026-7882

Summary: Concrete CMS 9.5.0 and earlier is vulnerable to unauthorized file deletion due to an inverted CSRF token check in the DeleteFile controller. The code treats a valid token as an error and proceeds with deletion when the token is invalid or missing, effectively disabling CSRF protection fo...

CVSS 4.3 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/05/21 9:17 p.m. | 27 views

CVE-2026-7882 Concrete CMS 9.5.0 and below is vulnerable to CSRF via the DeleteFile controller

Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protecti...

CVSS 2.3 | EPSS 0.00021
Exploits: 0 | References: 1
CNNVD
added 2026/05/21 12:0 a.m. | 6 views

Concrete CMS Cross-Site Request Forgery Vulnerability

Concrete CMS is an open-source content management system designed for teams. Concrete CMS 9.5.0 and earlier contains a cross-site request forgery vulnerability. The vulnerability stems from an inverted implementation of the CSRF token check in the DeleteFile controller, which could...

CVSS 4.3 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 1