Lucene search
K

4 matches found

NVD
NVD
added 2026/05/22 3:16 p.m.22 views

CVE-2026-8340

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with editfilecontents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version downgrade to an older version of a file, or activation of a co-editor's unpublished version. The...

4.3CVSS0.00103EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 1:58 p.m.10 views

CVE-2026-8340 Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with editfilecontents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version downgrade to an older version of a file, or activation of a co-editor's unpublished version. The...

2.3CVSS5.8AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 1:58 p.m.12 views

EUVD-2026-31441

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with editfilecontents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version downgrade to an older version of a file, or activation of a co-editor's unpublished version. The...

2.3CVSS5.8AI score0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 1:58 p.m.29 views

CVE-2026-8340

Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion, enabling a user with edit_file_contents to publish an attacker‑chosen version (downgrade or publish an unpublished co-editor version). The entry provides CVSS v4.0 base score 2.3 (low) with network attack vector ...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder