Session fixation

2021-09-2313:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.6%

JSON

Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: “Solar Security Research Team”

CPENameOperatorVersion
concrete_cmslt8.5.6

CPE	Name	Operator	Version
	concrete_cms	lt	8.5.6

References

documentation.concretecms.org/developers/introduction/version-history/856-release-notes

hackerone.com/reports/1102177