LOW

GHSA-6qjh-p324-694f

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple()

Details

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple().

Enter the version of the package you're using.

Introduced in: 9.0.0RC1 Fixed in: 9.5.1

Fix composer require concrete5/concrete5:^9.5.1