CVE-2021-40101

An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user’s password to be changed without a prompt for the current password.

Reference Links (if available):

  • https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
  • https://hackerone.com/reports/1065577

CVSS Score (if available):

  • v2: / MEDIUM
  • v3: /

Links to Exploits (if available):