CVE-2023-48651
Published 2024-02-29
CVE-2023-48651: Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.
Priority: P417 · medium · 4.3 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.28% (19.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| concrete5 | concrete5 | >= 9.0.0 < 9.2.3 | 9.2.3 |
| concretecms | concrete_cms | >= 9.0.0 < 9.2.3 | 9.2.3 |
CVSS provenance
nvd · v3.1 · 4.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv · 5.9 · MEDIUM
OSV
ProFTPD vulnerabilities
osv·2025-02-25·CVSS 5.9
CVE-2023-48795 ProFTPD vulnerabilities
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the
transport protocol implementation in ProFTPD had weak integrity checks.
An attacker could use this vulnerability to bypass security features
like encryption and integrity checks. (CVE-2023-48795)
Martin Mirchev discovered that ProFTPD did not properly validate user
input over the network. An attacker could use this vulnerability to
crash ProFTPD or execute arbitrary code. (CVE-2023-51713)
Brian Ristuccia discovered that ProFTPD incorrectly inherited groups
from the parent process. An attacker could use this vulnerability to
elevate privileges. (CVE-2024-48651)
OSV
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
osv·2024-02-29
CVE-2023-48651 [MEDIUM] Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.
GHSA
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
ghsa·2024-02-29
CVE-2023-48651 [MEDIUM] CWE-352 Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes
https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates
2024-02-29
Published