CVE-2021-22950

Summary

Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/concrete5/concrete5Fixed version 8.5.6affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF) (CWE-352)

ADP Enrichment

CVE Program Container

Additional References

References