Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/21 9:9 p.m.12 views

CVE-2026-7881 Concrete CMS 9.5.0 and below is vulnerable to IDOR in the Express Entry Detail block

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference IDOR in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:9 p.m.7 views

CVE-2026-7881

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference IDOR in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from insecure direct object references in the Express Entry Detail block, which may allow unauthorized access to...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42554

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description An Insecure Direct Object Reference IDOR, which occurs when an application provides direct access to objects based on user-supplied input, exists in the Express Entry Detail block. By...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References3
Rows per page
Query Builder