CVE-2023-48648

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 17, 2023

Updated: Nov 22, 2023

CWE ID 276

Summary

CVE-2023-48648 is a vulnerability affecting Concrete CMS versions before 8.5.13 and 9.x before 9.2.2. This issue allows unauthorized access due to insecure directory permissions. By default, file creation functions, such as Mkdir(), grant universal access (0777) to newly created folders. Excessive permissions can be granted during directory creation if permissions greater than 0755 are specified or if the permissions argument is not provided.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Concretecms Concrete Cms

Affected Vendors

Concrete CMS

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tcaqQm
https://www.cve.org/CVERecord?id=CVE-2023-48648
https://nvd.nist.gov/vuln/detail/CVE-2023-48648

Back to Vulnerability Database