Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2023-28473

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.

Published: Apr 28, 2023
Updated: May 10, 2024
CVE: CVE-2023-28473
GHSA: GHSA-pj76-75cm-3552
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.3
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
concrete5 / concrete5	-	9.2.0
concretecms / concrete_cms	-	9.2.0