PT-2021-15292 · Unknown · Concrete Cms
Published
2021-09-23
·
Updated
2021-10-19
·
CVE-2021-22949
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Concrete CMS versions 8.5.5 and below
Description
A CSRF issue allows an attacker to duplicate files, potentially leading to UI inconvenience and exhaustion of disk space. The issue was discovered by the Solar Security CMS Research Team.
Recommendations
For Concrete CMS versions 8.5.5 and below, update to a version above 8.5.5 to resolve the issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Concrete Cms