2 matches found
CVE-2026-8340 Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion
Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. A victim with the editfilecontents permission is CSRF'd into publishing an attacker-chosen, previously uploaded version: a downgrade to an older version of a file, or activation of a co-editor's unpublished version. The...
PT-2026-42772
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.5.1
Description: Cross-Site Request Forgery (CSRF) occurs via the approveVersion function within the BackendFile class. An attacker can trick a user with edit file contents permissions into publishing a previously...