6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: “Solar Security Research Team”
documentation.concretecms.org/developers/introduction/version-history/856-release-notes
hackerone.com/reports/1102177