CVE-2021-22954

Summary

A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/concrete5/concrete5fixed in Concrete CMS v 9.0affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF) (CWE-352)

ADP Enrichment

CVE Program Container

Additional References

References