EPSS: 0.001 (Low)
Percentile: 42.8%
concrete5/concrete5 is vulnerable to privilege escalation. The vulnerability exists in ‘bulkupdate.php’: users in a group granted ‘view’ permissions can escalate to administrator using a specially crafted curl request.
documentation.concretecms.org/developers/introduction/version-history/857-release-notes
github.com/concrete5/concrete5/commit/3012dab85f44e5081e82f2d58948dc696f95a200
hackerone.com/reports/1362747