3 matches found
CVE-2026-8410
Concrete CMS versions 9.0.0–9.4.9 are vulnerable to Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/dialog/logs/bulk/delete. The issue stems from that specific path and affects versions up to 9.4.9; upgrading to 9.5.0 or later is recommended. The data in connected sources c...
CVE-2023-37759
Incorrect access control in the User Registration page of Crypto Currency Tracker CCT before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request...
PT-2020-16754 · Teclib +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.3 Description: The issue is related to an Insecure Direct Object Reference IDOR vulnerability in the ajax/comments.php file. This vulnerability allows an attacker to read data from any database table, such as glpi...