CVSS 3.1 Score 4.3 of 10 (medium)


Published Dec 25, 2023
Updated: Dec 29, 2023
CWE ID 352


CVE-2023-48652 is a Cross-Site Request Forgery (CSRF) vulnerability found in Concrete CMS 9 before version 9.2.3. This vulnerability allows an attacker to perform unauthorized actions on behalf of an admin user by tricking them into deleting server report logs on a web application where they are authenticated. The affected products include nKx8Me, nKx8Mf, nKx8Mc, ttJhc-, nKx8Md, t9Ita-, krCnuJ, o0RBjE, o0RBjC, and o0RBjD. To remediate this vulnerability, it is recommended to upgrade Concrete CMS to version 9.2.3 or apply any available patches or security updates provided by the vendor. The potential danger of this vulnerability lies in the ability for an attacker to manipulate and potentially disrupt the server report logs of an organization's web application, leading to potential data loss or compromise.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-48652 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options