6 matches found
EUVD-2026-31349
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
CVE-2026-8239
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
CVE-2026-8239 Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/get_rating'
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
CVE-2026-8239
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/getrating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3 with...
CVE-2026-8239
Concrete CMS
PT-2026-42561
Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description An Insecure Direct Object Reference IDOR exists where the '/ccm/frontend/conversations/get rating' endpoint confirms the existence of and returns the rating score for any message by ID. IDOR is ...