CVE-2023-48648
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.
Concrete CMS anterior a 8.5.13 y 9.x anterior a 9.2.2 permite el acceso no autorizado porque se pueden crear directorios con permisos inseguros. Las funciones de creación de archivos (como la función Mkdir()) brindan acceso universal (0777) a las carpetas creadas de forma predeterminada. Se pueden otorgar permisos excesivos al crear un directorio con permisos superiores a 0755 o cuando no se especifica el argumento de permisos.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-11-17 CVE Reserved
- 2023-11-17 CVE Published
- 2023-11-22 EPSS Updated
- 2024-08-29 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Concretecms Search vendor "Concretecms" | Concrete Cms Search vendor "Concretecms" for product "Concrete Cms" | < 8.5.13 Search vendor "Concretecms" for product "Concrete Cms" and version " < 8.5.13" | - |
Affected
| ||||||
| Concretecms Search vendor "Concretecms" | Concrete Cms Search vendor "Concretecms" for product "Concrete Cms" | >= 9.0 < 9.2.2 Search vendor "Concretecms" for product "Concrete Cms" and version " >= 9.0 < 9.2.2" | - |
Affected
| ||||||