GHSA-vpgr-cwfx-pwfwMedium
Concrete CMS is vulnerable to unauthenticated page metadata disclosure
🔗 CVE IDs covered (1)
📋 Description
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted pages while leaking title, path, description, and author information.
🎯 Affected products1
- composer/concrete5/concrete5:< 9.5.1