CVE-2021-22949

Summary

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/concrete5/concrete5Fixed in version 8.5.6affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF) (CWE-352)

ADP Enrichment

CVE Program Container

Additional References

References