Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tODdoLWp4cjYtZjgyd84AA3O-

Concrete CMS allows unauthorized access because directories can be created with insecure permissions

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.

Permalink: https://github.com/advisories/GHSA-m87h-jxr6-f82w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tODdoLWp4cjYtZjgyd84AA3O-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 11 days ago
Updated: 11 days ago


Identifiers: GHSA-m87h-jxr6-f82w, CVE-2023-48648
Affected Packages

packagist:concrete5/concrete5
Versions: >= 9.0.0, < 9.2.2, < 8.5.13
Fixed in: 9.2.2, 8.5.13