PT-2023-21743 · Unknown · Concrete CMS

Adrian Tiron · Published 2023-04-28 · Updated 2023-12-06 · CVE-2023-28473

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Concrete CMS (previously concrete5) versions 8.5.12 and below
Concrete CMS (previously concrete5) versions 9.0 through 9.1.3

Description

The issue concerns a possible authentication bypass in the jobs section of Concrete CMS.

Recommendations

For versions 8.5.12 and below, update to version 9.2 or later.
For versions 9.0 through 9.1.3, update to version 9.2 or later.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2023-28473
GHSA-PJ76-75CM-3552

Affected Products

Concrete CMS