CVE-2021-22953

Summary

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/concrete5/concrete5fixed in Concrete CMS version 8.5.6affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF) (CWE-352)

ADP Enrichment

CVE Program Container

Additional References

References