Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-17T00:00:00
Updated: 2023-11-17T03:45:45.564576
Reserved: 2023-11-17T00:00:00
Link: CVE-2023-48648
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-17T04:15:07.093
Modified: 2023-11-22T00:06:56.547
Link: CVE-2023-48648
JSON object: View
Redhat Information
No data.
CWE