Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-48653

Published: 29/02/2024 Updated: 29/02/2024

Vulnerability Summary

Concrete CMS prior to 8.5.14 and 9 prior to 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.

References

https://documentation.concretecms.org/developers/introduction/version-history/923-release-noteshttps://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updateshttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710arbitrary CVE-2024-5272CVE-2024-2961brute forceremoteCVE-2024-32944CVE-2024-36241CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook