
Tahabiyikli-Vortex

#25108 of 53,633
9.8 Total CVSS
Vulnerabilities · 1
PT-2023-30868
9.8
2023-11-17
Unknown · Concrete Cms · CVE-2023-48648
**Name of the Vulnerable Software and Affected Versions**

- Concrete CMS versions prior to 8.5.13
- Concrete CMS versions 9.x prior to 9.2.2

**Description**

The issue allows unauthorized access due to directories being created with insecure permissions. File creation functions, such as the `Mkdir()` function, give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.

**Recommendations**

- For versions prior to 8.5.13, update to version 8.5.13 or later to resolve the issue.
- For versions 9.x prior to 9.2.2, update to version 9.2.2 or later to resolve the issue.
- As a temporary workaround, consider setting the permissions argument to 0755 or less when creating directories using the `Mkdir()` function to minimize the risk of exploitation.
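One way to check a site's directory tree against the 0755 ceiling named in the workaround, and optionally clear the excess bits. This is an added example, not code from the advisory or from Concrete CMS; the function names and the sample tree (`cache`, `uploads`, `config`, `private`) are constructed for illustration.

```python
import os
import stat
import tempfile

MAX_DIR_MODE = 0o755  # ceiling named in the advisory's workaround


def excessive_bits(mode: int) -> int:
    """Return the rwx bits set in `mode` that 0755 does not allow."""
    return mode & 0o777 & ~MAX_DIR_MODE


def audit_dirs(root: str, fix: bool = False) -> list[tuple[str, str]]:
    """Report (relative path, octal mode) for every directory under `root`
    that is more permissive than 0755. With fix=True, clear only the excess
    bits and leave all other mode bits untouched."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root, followlinks=False):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISDIR(st.st_mode):
                continue  # symlink to a directory: never follow or chmod it
            extra = excessive_bits(st.st_mode)
            if extra:
                rel = os.path.relpath(path, root)
                findings.append((rel, oct(st.st_mode & 0o777)))
                if fix:
                    os.chmod(path, stat.S_IMODE(st.st_mode) & ~extra)
    return sorted(findings)


def build_sample_tree() -> str:
    """Constructed sample: four directories with explicit modes."""
    root = tempfile.mkdtemp()
    for name, mode in [("cache", 0o777), ("uploads", 0o775),
                       ("config", 0o755), ("private", 0o750)]:
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod: the mode passed to mkdir is masked by umask
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for rel, mode in audit_dirs(sample):
        print(f"{mode}  {rel}")
```

Run with `fix=False` first to review the findings before changing anything on a live site.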