4 matches found
CVE-2026-8236
Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate. The endpoint /ccm/system/dialogs/file/usage/fID accepts an integer file ID in the URL and returns internal site structure data page IDs, versions, URL paths to anyone who sends a GET request. The...
CVE-2026-8236 Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate for endpoint /ccm/system/dialogs/file/usage/{fID}
Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate. The endpoint /ccm/system/dialogs/file/usage/fID accepts an integer file ID in the URL and returns internal site structure data page IDs, versions, URL paths to anyone who sends a GET request. The...
EUVD-2022-51837
Malicious code in bioql PyPI...
Information Disclosure
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability exists because calling an URI with page-id query parameters that are not part of a particular site is not properly restricted which allows an attacker to add crafted query parameters to the URL of publicly available sites a...