Concrete Cms@9.0 Security Vulnerabilities and Issues — Concrete Cms@9.0 CVE List

Lucene search

ConcretecmsConcrete Cms9.0

3 matches found

CVE•added 2023/11/17 4:15 a.m.•53 views

CVE-2023-48648

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when crea...

9.8CVSS9.3AI score0.00729EPSS

CVE•added 2023/11/17 4:15 a.m.•42 views

CVE-2023-48649

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.

5.4CVSS5.2AI score0.01256EPSS

CVE•added 2023/12/25 8:15 a.m.•31 views

CVE-2023-48652

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated.

4.3CVSS4.6AI score0.00256EPSS