CVE-2023-48653
Concrete CMS versions prior to 8.5.14 and 9 prior to 9.2.3 are affected by a CSRF vulnerability in the endpoint /ccm/calendar/dialogs/event/delete/submit. The issue arises from the numeric, sequential event IDs, which can allow an attacker to cause an admin to delete events on the site. The vulne...