2 matches found
PT-2023-30872 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.2.3 Description: The issue is related to Cross Site Request Forgery CSRF at the "/ccm/system/dialogs/file/delete/1/submit" API endpoint. This allows for unauthorized actions to be performed. Recommendations: F...
CVE-2021-28052
A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...