Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.10 views

CVE-2026-8237

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3CVSS5.5AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 12:31 a.m.12 views

EUVD-2026-31352

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3CVSS5.8AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 10:16 p.m.14 views

CVE-2026-8237

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3CVSS0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 9:1 p.m.6 views

CVE-2026-8237 Concrete CMS 9.5.0 and below is vulnerable to IDOR in the`/ccm/frontend/conversations/message_detail` endpoint

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3CVSS5.8AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:1 p.m.6 views

CVE-2026-8237

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/21 9:1 p.m.22 views

CVE-2026-8237

CVE-2026-8237 affects Concrete CMS 9.5.0 and earlier. The vulnerability is an IDOR in the /ccm/frontend/conversations/message_detail endpoint, which can expose full content of conversation messages, including those from restricted pages, member-only areas, and the moderation queue, as well as fil...

6.3CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder