LOW
GHSA-xj25-753j-wgp9
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder
Details
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder.
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist / concrete5/concrete5
Introduced in:
9.0.0RC1 Fixed in: 9.5.1 Fix
composer require concrete5/concrete5:^9.5.1