CSRF Vulnerability in Concrete CMS Prior to 8.5.6 Allows Deletion of Attachments in Conversation Comments

CSRF Vulnerability in Concrete CMS Prior to 8.5.6 Allows Deletion of Attachments in Conversation Comments

CVE-2021-22950 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"

Learn more about our Cms Pen Testing.