CVE-2023-28473

LOW

Concrete CMS <8.5.12 & 9.0-9.1.3 - Auth Bypass

Title source: llm

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.

Core 3

Core References

Various Sources

Product

Vendor Advisory

CVSS v3 3.3

EPSS 0.0076

EPSS Percentile 50.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-287

Status published

Products (2)

concrete5/concrete5 0 - 9.2.0Packagist

concretecms/concrete_cms < 9.2.0

Published Apr 28, 2023

Tracked Since Feb 18, 2026