2 matches found
CVE-2023-48648
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions such as the Mkdir function gives universal access 0777 to created folders by default. Excessive permissions can be granted when creating...
CVE-2023-48648
Concrete CMS before 8.5.13 and 9.x before 9.2.2 is affected by an insecure directory-permission issue. When creating directories (e.g., via Mkdir()), folders may be created with overly permissive permissions (default 0777, or greater than 0755 if not specified), enabling unauthorized access to cr...