Concrete CMS Unauthorized File Access Vulnerability in Download Controller

Vulnerability

A vulnerability in Concrete CMS versions through 9.5.0 allows unauthorized access to files through the `submit_password()` method in the download file controller. The permission check that should gate file downloads is not applied in this code path: a password-protected file can be downloaded by any user who knows its password, regardless of whether that user is permitted to access the file, and a file without a password can be downloaded by anyone. In both cases the `view_file` permission check is bypassed, leading to unauthorized file access.
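The flaw described above is a classic authorization-ordering mistake: a secondary gate (the file password) is treated as a substitute for the primary one (the `view_file` permission). The following PHP is an added illustration written for this entry; it is not Concrete CMS code, and the class and method names (`FileRecord`, `Permissions`, `VulnerableDownloadController`, `HardenedDownloadController`, `canViewFile`) are hypothetical stand-ins for the real controller and permission layer. It places the flawed pattern beside the corrected one and runs both against a constructed user who knows the password but lacks the permission.

```php
<?php
// Added example for this advisory, not Concrete CMS code. All names below are
// hypothetical stand-ins; only the control-flow pattern is the point.
declare(strict_types=1);

final class FileRecord
{
    public function __construct(
        public readonly int $id,
        public readonly ?string $passwordHash, // null means no password is set on the file
    ) {}
}

// Hypothetical stand-in for the CMS permission layer: does $userId hold
// the view_file permission on $file?
interface Permissions
{
    public function canViewFile(int $userId, FileRecord $file): bool;
}

final class VulnerableDownloadController
{
    // Flawed pattern: the password is the only gate. A file with no password
    // is served to everyone, and anyone holding the password is served the
    // file whether or not they may view it. The Permissions object is never consulted.
    public function submit_password(int $userId, FileRecord $file, ?string $password, Permissions $perms): bool
    {
        if ($file->passwordHash === null) {
            return true;
        }
        return $password !== null && password_verify($password, $file->passwordHash);
    }
}

final class HardenedDownloadController
{
    // Corrected pattern: the view_file permission is checked first and
    // unconditionally. The password remains an additional gate for files
    // that have one; it is never a substitute for authorization.
    public function submit_password(int $userId, FileRecord $file, ?string $password, Permissions $perms): bool
    {
        if (!$perms->canViewFile($userId, $file)) {
            error_log("download denied: user {$userId} lacks view_file on file {$file->id}"); // useful detection signal
            return false;
        }
        if ($file->passwordHash === null) {
            return true;
        }
        return $password !== null && password_verify($password, $file->passwordHash);
    }
}

// Constructed permission model: only user 1 may view either file.
$perms = new class implements Permissions {
    public function canViewFile(int $userId, FileRecord $file): bool
    {
        return $userId === 1;
    }
};

$protected   = new FileRecord(10, password_hash('constructed-secret', PASSWORD_DEFAULT));
$unprotected = new FileRecord(11, null);

$vulnerable = new VulnerableDownloadController();
$hardened   = new HardenedDownloadController();

// User 2 knows the password but holds no view_file permission.
printf("vulnerable, protected file, wrong user:   %s\n", $vulnerable->submit_password(2, $protected, 'constructed-secret', $perms) ? 'served' : 'denied');
printf("hardened,   protected file, wrong user:   %s\n", $hardened->submit_password(2, $protected, 'constructed-secret', $perms) ? 'served' : 'denied');
printf("vulnerable, unprotected file, wrong user: %s\n", $vulnerable->submit_password(2, $unprotected, null, $perms) ? 'served' : 'denied');
printf("hardened,   unprotected file, wrong user: %s\n", $hardened->submit_password(2, $unprotected, null, $perms) ? 'served' : 'denied');
// The authorized user with the correct password is served by both controllers.
printf("hardened,   protected file, right user:   %s\n", $hardened->submit_password(1, $protected, 'constructed-secret', $perms) ? 'served' : 'denied');
```

The ordering is what matters: the hardened controller returns before any password handling when the permission is absent, so the outcome of the password comparison can never widen access. The denial log line is a cheap place to hang detection for repeated attempts against restricted files.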

Impact

Exploitation of this vulnerability allows unauthorized users to access and download files that are supposed to be permission-restricted. This includes bypassing password protections on certain files, as long as the user knows the file's password.

Remediation

Users should upgrade to Concrete CMS version 9.5.1 or later, where this vulnerability has been fixed.

Added: May 21, 2026, 10:44 PM
Updated: May 21, 2026, 10:44 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.6
exploitability: 6.8
remediation: 7.7
relevance: 9.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.