Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.9 views

CVE-2026-8337

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

6.3CVSS5.3AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 12:31 a.m.13 views

EUVD-2026-31359

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

6.3CVSS5.8AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/21 11:45 p.m.12 views

Authorization Bypass Through User-Controlled Key

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the surveys process. An attacker can gain unauthorized access to restricted survey functionality by submitting a restricted option ...

6.3CVSS5.7AI score0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/21 9:13 p.m.31 views

CVE-2026-8337 Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

6.3CVSS0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:13 p.m.8 views

CVE-2026-8337

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

6.3CVSS5.8AI score0.00194EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/21 9:13 p.m.8 views

CVE-2026-8337 Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

6.3CVSS5.8AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:13 p.m.20 views

CVE-2026-8337

Concrete CMS

6.3CVSS5.8AI score0.00194EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder