4 matches found
EUVD-2026-31371
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...
CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...
Cross site request forgery (csrf)
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery CSRF at /ccm/system/dialogs/file/delete/1/submit...
Cross site request forgery (csrf)
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery CSRF via /ccm/system/dialogs/logs/deleteall/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated...