Concrete CMS is vulnerable to cross-site request forgery (CSRF). The vulnerability exists in multiple functions because the State parameter is not checked for the external Concrete authentication service, which allows an attacker to initiate unwanted actions within the web application.
documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
documentation.concretecms.org/developers/introduction/version-history/913-release-notes
github.com/advisories/GHSA-w8fp-3gwq-gxpw
github.com/concretecms/concretecms-core/commit/09a42e4606461c11b40a5fe7d5ea5d30d702290b
github.com/concretecms/concretecms-core/commit/bdc343745d213326981e8abdc5678adcb0eceb14
github.com/concretecms/concretecms/commit/3834239002502a20f5effee2b09c9f35f4980a78
github.com/concretecms/concretecms/commit/e9131da39113535856f44b7fb1484002b2f61c30
github.com/concretecms/concretecms/pull/10984
github.com/concretecms/concretecms/releases/8.5.10
github.com/concretecms/concretecms/releases/9.1.3
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31
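
The kind of State check whose absence the description above refers to, as an added example that is not Concrete CMS code or taken from the linked commits: a state value is bound to the session when the login redirect is issued and verified once on the callback. The function names, the `ext_auth_state` session key and the 600-second lifetime are assumptions made for illustration.

```php
<?php
// Added example: state handling for an external authentication redirect flow.
// All names (issueState, verifyState, 'ext_auth_state') are hypothetical.

const STATE_KEY = 'ext_auth_state';
const STATE_TTL = 600; // assumed lifetime of a pending login, in seconds

/** Create a one-time state value and remember it in the user's session. */
function issueState(array &$session, int $now): string
{
    $state = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $session[STATE_KEY] = ['value' => $state, 'expires' => $now + STATE_TTL];
    return $state; // sent to the external service as the state parameter
}

/** Check the state returned on the callback; it is consumed either way. */
function verifyState(array &$session, ?string $returned, int $now): bool
{
    $pending = $session[STATE_KEY] ?? null;
    unset($session[STATE_KEY]); // single use: a repeated callback fails

    if (!is_array($pending) || !is_string($returned) || $returned === '') {
        return false; // no login was started in this session, or state missing
    }
    if ($now > $pending['expires']) {
        return false; // stale login attempt
    }
    return hash_equals($pending['value'], $returned); // constant-time compare
}

// Constructed demonstration: plain arrays stand in for $_SESSION.
$now = time();
$userSession = [];
$state = issueState($userSession, $now);

$otherSession = []; // a browser session that never started this login
var_dump(verifyState($otherSession, $state, $now)); // callback in the wrong session
var_dump(verifyState($userSession, $state, $now));  // callback in the issuing session
var_dump(verifyState($userSession, $state, $now));  // same callback repeated
```

The callback handler should reject the request before exchanging any code or linking any account when `verifyState` returns false.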