GHSA-8c7c-h7px-267gMedium
Concrete CMS is vulnerable to IDOR in surveys
🔗 CVE IDs covered (1)
📋 Description
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID through the public survey’s endpoint.
🎯 Affected products1
- composer/concrete5/concrete5:< 9.5.1