2 matches found
CVE-2026-7879 Concrete CMS 9.5.0 and below is vulnerable to File Download Authorization Bypass in submit_password()
In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...
CVE-2026-7879 Concrete CMS 9.5.0 and below is vulnerable to File Download Authorization Bypass in submit_password()
In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...