2 matches found
CVE-2021-40101
Concrete CMS before 8.5.7 contains an issue in the Dashboard where a user’s password can be changed without prompting for the current password. Affected component: Dashboard/password change logic. Root cause: lack of a current-password check during password update. Impact stated by sources: passw...
Concrete CMS < 8.5.7 Multiple Vulnerabilities
Concrete CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:concretecms:concretecms"; if...