GHSA-66rg-92q4-6m8qLow
Concrete CMS is vulnerable to unauthorized file deletion
🔗 CVE IDs covered (1)
📋 Description
Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protection for the file deletion endpoint, allowing cross-site request forgery attacks against users who have permission to edit conversation messages.
🎯 Affected products1
- composer/concrete5/concrete5:< 9.5.1