Home > Vulnerability Database > CVE-2023-48648

Mend.io Vulnerability Database

CVE-2023-48648

Good to know:

Date: November 16, 2023

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.

Language: PHP

Severity Score

9.8

Related Resources (9)

Url: https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-48648

Url: https://github.com/concretecms/concretecms/commit/707b974826b761dda5c0baaf345c8582157d9307

Url: https://github.com/concretecms/concretecms

Url: https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes

Url: https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes

Url: https://github.com/concretecms/concretecms/pull/11677

Url: https://github.com/concretecms/concretecms/commit/eb882681a0ed19798a8f689d257af8dfe2f3a279

Url: https://www.mend.io/vulnerability-database/CVE-2023-48648

Severity Score

9.8

Weakness Type (CWE)

Incorrect Default Permissions

CWE-276

Top Fix

Upgrade Version

Upgrade to version 8.5.13,9.2.2

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-48648

Good to know:

Date: November 16, 2023

Language: PHP

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?