Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id).
{
"github_reviewed": true,
"nvd_published_at": "2026-05-21T22:16:51Z",
"cwe_ids": [
"CWE-352"
],
"severity": "LOW",
"github_reviewed_at": "2026-06-24T21:36:08Z"
}