PT-2023-30872 · Unknown · Concrete Cms

Veshraj Ghimire

·

Publicado

2023-12-25

·

Atualizado

2024-12-16

·

CVE-2023-48651

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.2.3
Description The issue is related to Cross Site Request Forgery (CSRF) at the "/ccm/system/dialogs/file/delete/1/submit" API endpoint. This allows for unauthorized actions to be performed.
Recommendations For versions prior to 9.2.3, update to version 9.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/ccm/system/dialogs/file/delete/1/submit" API endpoint until a patch is applied.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2023-48651
GHSA-45M2-8Q7F-93WV

Produtos afetados

Concrete Cms