CVE-2021-40101

December 1, 2021

An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user’s password to be changed without a prompt for the current password.

Summary:

An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user’s password to be changed without a prompt for the current password.

Reference Links(if available):

  • https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
  • https://hackerone.com/reports/1065577

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    image 4

    Akira Ransomware Victim: Serfilco, RP Adams, Baron Blakeslee, Pac er, Service Filtrati on of Canada, Polyma r[.]

    April 18, 2024
    cybersecurity

    Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters

    April 18, 2024
    image 1

    8 Base Ransomware Victim: YRW Limited – Chartered Accountants

    April 18, 2024
    image 1

    8 Base Ransomware Victim: APS – Automotive Parts Solutions

    April 18, 2024
    image 1

    8 Base Ransomware Victim: PWS – The Laundry Company

    April 18, 2024