CVE-2026-8434

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescanMultiple. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks...

CVE-2026-8434 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescanMultiple. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

CVE-2026-8434

Concrete CMS 9.x prior to 9.5.0 is vulnerable to CSRF at the concrete/controllers/backend/file rescanMultiple() endpoint. Root cause: CSRF in the rescanMultiple() handler, reported with CVSS v4.0 vector AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N and a base score of 2.3 (LOW). Impact i...

PT-2026-42576

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.0 through 9.4.x Description Cross Site Request Forgery CSRF occurs at the 'concrete/controllers/backend/file' endpoint within the rescanMultiple function. CSRF is a type of attack that tricks a victim into submitting a...

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgeing vulnerability. This vulnerability was exploited through the concrete/controllers/backend/file rescanMultiple function, making it susceptibl...