PT-2023-30872 · Unknown · Concrete Cms

Veshraj Ghimire

Published

2023-12-25

Updated

2024-12-16

CVE-2023-48651

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.2.3

Description The issue is related to Cross Site Request Forgery (CSRF) at the "/ccm/system/dialogs/file/delete/1/submit" API endpoint. This allows for unauthorized actions to be performed.

Recommendations For versions prior to 9.2.3, update to version 9.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/ccm/system/dialogs/file/delete/1/submit" API endpoint until a patch is applied.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2023-48651

GHSA-45M2-8Q7F-93WV

Affected Products

Concrete Cms

PT-2023-30872 · Unknown · Concrete Cms

CVE-2023-48651

Weakness Enumeration

Related Identifiers

Affected Products

References · 8