Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-14 17:15
Updated : 2024-11-21 07:27
NVD link : CVE-2022-43693
Mitre link : CVE-2022-43693
CVE.ORG link : CVE-2022-43693
JSON object : View
Products Affected
concretecms
- concrete_cms
CWE
CWE-352
Cross-Site Request Forgery (CSRF)