Description
Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.
Scores
CVSS v3
5.3
EPSS
0.0020
EPSS Percentile
41.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-640
Status
published
Products (2)
concrete5/concrete5
0 - 9.1.0Packagist
concretecms/concrete_cms
< 9.1.0
Published
Apr 28, 2023
Tracked Since
Feb 18, 2026