2 matches found
PT-2026-42772
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.5.1
Description: Cross-Site Request Forgery (CSRF) occurs via the approveVersion function within the BackendFile class. An attacker can trick a user with edit file contents permissions into publishing a previously...
CVE-2026-8435
Concrete CMS 9 before 9.5.0 is vulnerable to Cross-Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...