Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 up to and including 9.1.3 is vulnerable to possible Auth bypass in the jobs section.
concretecms concrete cms