VDB
KO
LOW

GHSA-qj94-6rx6-27fr

Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id)

Details

Concrete CMS 9 through 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id).

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist / concrete5/concrete5
Introduced in: 9.0.0RC1 Fixed in: 9.5.1
Fix composer require concrete5/concrete5:^9.5.1

References