GHSA-chfm-cm6h-q5x7Medium
Concrete CMS is subject to Insecure Direct Object Reference (IDOR) in the Express Entry Detail block
🔗 CVE IDs covered (1)
📋 Description
Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team thanks Tristan Madani for reporting this issue.
🎯 Affected products1
- composer/concrete5/concrete5:< 9.5.1