Youssef Eid

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions 9.5.0 and earlier **Description** The `submit password()` method in 'concrete/controllers/single page/download file.php' allows unauthorized file access because the process for downloading permission-restricted files bypasses the `view file` permission check. This allows files without passwords to be downloaded and enables any user who knows a file's password to download a password-protected file, regardless of their actual access permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.