exploitDog

CVE-2021-40101

Опубликовано: 30 нояб. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password.

Ссылки

https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
Release Notes
Vendor Advisory
https://hackerone.com/reports/1065577
Permissions Required
https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
Release Notes
Vendor Advisory
https://hackerone.com/reports/1065577
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*

Версия до 8.5.7 (исключая)

EPSS

Процентиль: 92%

0.09143

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-mxmv-qp6q-4xjp

github

около 4 лет назад

An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password.

EPSS

Процентиль: 92%

0.09143

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732