LOW
GHSA-97jw-gr4m-c5v8
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()
Details
Concrete CMS 9 through 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star().
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist / concrete5/concrete5
Introduced in:
9.0.0RC1 Fixed in: 9.5.1 Fix
composer require concrete5/concrete5:^9.5.1