CVE-2023-48652 | Concrete CMS up to 9.2.2 submit cross-site request forgery

Posted by Angelo Barbosa | Dec 25, 2023 | CVE

A vulnerability has been found in Concrete CMS up to 9.2.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ccm/system/dialogs/logs/delete_all/submit. The manipulation leads to cross-site request forgery.

This vulnerability is known as CVE-2023-48652. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-48652 | Concrete CMS up to 9.2.2 submit cross-site request forgery

Related Posts

CVE-2021-47222 | Linux Kernel up to 4.14.237/4.19.195/5.4.127/5.10.45/5.12.12 bridge include/net/dst.h dst_clone use after free

CVE-2023-32887 | MediaTek MT6990 Modem IMS Stack denial of service (MOLY01161837)

CVE-2024-31173 | Open Networking Foundation libfluid 0.1.0 unpack out-of-bounds

CVE-2021-47327 | Linux Kernel up to 5.4.133/5.10.51/5.12.18/5.13.3 arm_smmu_rpm_get memory leak