CVE-2023-48648
📋 TL;DR
Concrete CMS versions before 8.5.13 and 9.x before 9.2.2 create directories with world-writable default permissions (0777). Any local account on the host, such as another tenant on shared hosting or a compromised low-privilege service, can then create, replace or delete files inside those directories, including, where the directory is web-accessible, files the web server will serve or execute. Every installation on an affected version is exposed.
💻 Affected Systems
- Concrete CMS 8.x before 8.5.13
- Concrete CMS 9.x before 9.2.2
📦 What is this software?
Concrete CMS by Concrete CMS (concretecms.org): an open-source PHP content management system.
⚠️ Risk & Real-World Impact
Worst Case
A local attacker with an account on the same host drops a PHP file into a world-writable, web-accessible directory and has the web server execute it as its own user, giving file upload, code execution, data theft and complete compromise of the site and its database.
Likely Case
Other local users create, replace or delete files in the world-writable directories: reading sensitive configuration placed there, uploading malicious content, or altering existing files to establish persistence.
If Mitigated
With the world-write bit removed from the directories and the web server configured not to execute PHP from upload directories, the impact is limited to enumeration of directory contents and possible disclosure of what those directories hold.
🎯 Exploit Status
The weak mode is applied whenever the CMS creates a directory, which happens during normal CMS operation or can be triggered by attacker-controlled input. Abusing the resulting permissions additionally requires local access to the host file system (another account or a compromised co-located process), since 0777 does not by itself grant anything over HTTP.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.5.13 or 9.2.2
Vendor Advisory: https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release
Restart Required: No
Instructions:
1. Back up your Concrete CMS installation and database.
2. Update to Concrete CMS 8.5.13 (8.x) or 9.2.2 (9.x) via the admin dashboard or a manual upgrade.
3. Verify that the reported version is now 8.5.13 / 9.2.2 or later.
4. Upgrading changes the default mode for directories created from then on; it does not necessarily reset directories that already exist with 0777, so audit those separately (see the permission hardening under Temporary Workarounds).
🔧 Temporary Workarounds
Manual directory permission hardening
Linux: manually set secure permissions (0755 or stricter) on all web-accessible directories created by Concrete CMS. Caveat: the web server user needs write access to application/files, application/config and packages, so a blanket 0755 only works when those directories are owned by that user; otherwise keep group write (0775) and strip only the world-write bit (chmod o-w).
find /path/to/concretecms -type d -exec chmod 0755 {} \;
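The find/chmod one-liner above forces 0755 on everything, which breaks a deployment where the web server reaches application/files through group membership rather than ownership. The script below is an added example for this page, not Concrete CMS project code: it lists world-writable directories under an install root and strips only the world-write bit, leaving owner and group bits alone. The install root path is an assumption and the sample tree it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Added example for this advisory; not Concrete CMS project code.
# Audits an install root for world-writable directories (the state the bug
# leaves behind) and strips only the world-write bit, so directories the web
# server reaches through group membership (0775) keep working.
# The install root and the sample tree below are assumptions/constructed.

# List every world-writable directory below $1, one path per line.
find_world_writable_dirs() {
    find "$1" -type d -perm -0002 | sort
}

# Number of world-writable directories below $1.
count_world_writable_dirs() {
    find_world_writable_dirs "$1" | wc -l | tr -d ' '
}

# Remove the world-write bit from every world-writable directory below $1.
# Owner and group bits are left alone: 0777 becomes 0775, 0757 becomes 0755.
harden_dirs() {
    find "$1" -type d -perm -0002 -exec chmod o-w {} +
}

# True if directory $1 itself is group-writable (to confirm nothing needed broke).
is_group_writable() {
    find "$1" -prune -perm -0020 | grep -q .
}

# Constructed sample tree mimicking a vulnerable install, in a temp directory.
# Modes are set explicitly so the result does not depend on the caller's umask.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/application/files/thumbnails" "$d/application/config" "$d/concrete/config"
    chmod 0755 "$d/application" "$d/application/config" "$d/concrete" "$d/concrete/config"
    chmod 0775 "$d/application/files"              # group-writable on purpose; must survive
    chmod 0777 "$d/application/files/thumbnails"   # what the bug leaves behind
    printf '%s\n' "$d"
}

# Script entry: audit the root given as $1 (default: the constructed sample), then harden it.
root=${1:-$(make_sample_tree)}
echo "World-writable directories before hardening:"
find_world_writable_dirs "$root"
harden_dirs "$root"
echo "World-writable directories after hardening: $(count_world_writable_dirs "$root")"
```

Run it as `sh harden.sh /path/to/install` on a real site; without an argument it works on the constructed tree. Re-run the audit after any upgrade or package install on an unpatched version, since each new directory the CMS creates will come back as 0777.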
🧯 If You Can't Patch
- Implement strict file system monitoring and alerting for directory permission changes.
- Restrict the web server user to the directories it actually needs and deny PHP execution in upload directories (for example application/files) at the web server level, so a dropped file cannot be run.
🔍 How to Verify
Check if Vulnerable:
Check the Concrete CMS version in the admin dashboard, or read the 'version' entry in concrete/config/concrete.php under the install root. In 8.x and 9.x that file returns a PHP configuration array, not PHP constants, so look for 'version' => '...' rather than a define().
Check Version:
grep -E "^[[:space:]]*'version'[[:space:]]*=>" /path/to/concrete/config/concrete.php
Alternatively, from the install root: concrete/bin/concrete c5:info (9.x) or concrete/bin/concrete5 c5:info (8.x).
Verify Fix Applied:
Verify that the version is 8.5.13 or later on the 8.x branch, or 9.2.2 or later on the 9.x branch.
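Reading the version by eye is error-prone on a fleet, so here is an added example (not Concrete CMS project code) that extracts the 'version' entry from concrete/config/concrete.php and evaluates it against the affected ranges stated above. The config excerpt it generates is constructed for the demonstration; the real file sits at /path/to/install/concrete/config/concrete.php.

```shell
#!/bin/sh
# Added example for this advisory; not Concrete CMS project code.
# Reads the version from concrete/config/concrete.php, which holds a PHP
# array entry 'version' => 'x.y.z', and decides whether it falls in the
# affected range: 8.x (and older) before 8.5.13, 9.x before 9.2.2.
# The sample config written by make_sample_config is constructed.

# Print the 'version' value from a concrete.php config file given as $1.
c5_version_from_config() {
    sed -n "s/^[[:space:]]*'version'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Return 0 when dotted version $1 is greater than or equal to $2.
# Compares numeric components; a missing component counts as 0, so 8.5 < 8.5.1.
# Pre-release suffixes such as 9.0.0RC1 are not handled.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ap=${a%%.*}; bp=${b%%.*}
        if [ "$ap" = "$a" ]; then a=''; else a=${a#*.}; fi
        if [ "$bp" = "$b" ]; then b=''; else b=${b#*.}; fi
        [ "${ap:-0}" -gt "${bp:-0}" ] && return 0
        [ "${ap:-0}" -lt "${bp:-0}" ] && return 1
    done
    return 0
}

# Return 0 when version $1 is in the affected range for CVE-2023-48648.
c5_is_vulnerable() {
    if version_ge "$1" 9.0.0; then
        ! version_ge "$1" 9.2.2
    else
        ! version_ge "$1" 8.5.13
    fi
}

# Constructed sample of the relevant part of concrete/config/concrete.php.
make_sample_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<?php
return [
    /*
     * Current Version
     */
    'version' => '9.2.1',
    'version_installed' => '9.2.1',
];
EOF
    printf '%s\n' "$f"
}

# Script entry: check the config file given as $1 (default: the constructed sample).
cfg=${1:-$(make_sample_config)}
v=$(c5_version_from_config "$cfg")
if c5_is_vulnerable "$v"; then
    echo "Concrete CMS $v: AFFECTED by CVE-2023-48648, upgrade to 8.5.13 / 9.2.2"
else
    echo "Concrete CMS $v: not in the affected range"
fi
```

Note that 'version_installed' does not match the sed expression because the literal 'version' must be followed only by whitespace and '=>'; the numeric comparison is needed because string comparison would rank 8.5.9 above 8.5.13.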
📡 Detection & Monitoring
Log Indicators:
- Directory creation by the web server user with a requested mode of 0777, visible through auditd rules on mkdir/mkdirat (web server access logs do not record directory creation)
- New world-writable directories reported by a file integrity monitor or a periodic find -perm -0002 sweep
Network Indicators:
- Requests for .php files under upload directories such as application/files (a dropped file being invoked), or uploads and directory-listing requests against paths that should not accept them
SIEM Query:
Template over parsed auditd SYSCALL records; assumes an audit rule keyed c5_mkdir on the web server user's mkdir/mkdirat calls, and x86_64 syscall numbers (mkdir=83 with the mode in a1, mkdirat=258 with the mode in a2; 0777 is hex 1ff):
source="auditd" type="SYSCALL" key="c5_mkdir" ((syscall="83" AND a1="1ff") OR (syscall="258" AND a2="1ff"))
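To show what such a query actually matches, the added example below (not Concrete CMS project code, and not a vendor-supplied rule) runs the same logic with awk over constructed auditd SYSCALL records. It assumes the audit rule `-a always,exit -F arch=b64 -S mkdir,mkdirat -F euid=www-data -k c5_mkdir` is loaded and that the host is x86_64; the log lines, PIDs and addresses are made up for the demonstration.

```shell
#!/bin/sh
# Added example for this advisory; not Concrete CMS project code.
# Flags mkdir(2)/mkdirat(2) audit records whose requested mode is 0777
# (hex 1ff in the syscall arguments: a1 for mkdir, a2 for mkdirat on x86_64).
# Assumed audit rule tagging the web server's directory creations:
#   -a always,exit -F arch=b64 -S mkdir,mkdirat -F euid=www-data -k c5_mkdir
# The records below are constructed for the example.

# Constructed audit records: two 0777 requests, one 0755 (1ed), one under another key.
sample_audit_lines() {
    cat <<'EOF'
type=SYSCALL msg=audit(1699531200.101:4401): arch=c000003e syscall=83 success=yes exit=0 a0=7f3a2c001230 a1=1ff a2=0 a3=0 items=2 ppid=1 pid=1234 auid=4294967295 uid=33 gid=33 euid=33 comm="php-fpm8.2" exe="/usr/sbin/php-fpm8.2" key="c5_mkdir"
type=SYSCALL msg=audit(1699531200.102:4402): arch=c000003e syscall=83 success=yes exit=0 a0=7f3a2c001450 a1=1ed a2=0 a3=0 items=2 ppid=1 pid=1234 auid=4294967295 uid=33 gid=33 euid=33 comm="php-fpm8.2" exe="/usr/sbin/php-fpm8.2" key="c5_mkdir"
type=SYSCALL msg=audit(1699531200.103:4403): arch=c000003e syscall=258 success=yes exit=0 a0=ffffff9c a1=7f3a2c001670 a2=1ff a3=0 items=2 ppid=1 pid=1240 auid=4294967295 uid=33 gid=33 euid=33 comm="php-fpm8.2" exe="/usr/sbin/php-fpm8.2" key="c5_mkdir"
type=SYSCALL msg=audit(1699531200.104:4404): arch=c000003e syscall=83 success=yes exit=0 a0=55d1e0a0c2a0 a1=1ff a2=0 a3=0 items=2 ppid=900 pid=2001 auid=1000 uid=0 gid=0 euid=0 comm="mkdir" exe="/usr/bin/mkdir" key="admin_mkdir"
EOF
}

# Read audit records on stdin; print one ALERT line per 0777 directory request
# that carries the c5_mkdir key.
detect_mkdir_0777() {
    awk '
    /type=SYSCALL/ && /key="c5_mkdir"/ {
        syscall = ""; a1 = ""; a2 = ""; pid = ""; comm = ""
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "syscall") syscall = v
            else if (k == "a1") a1 = v
            else if (k == "a2") a2 = v
            else if (k == "pid") pid = v
            else if (k == "comm") comm = v
        }
        # The mode argument sits at a different position per syscall:
        # mkdir(path, mode) -> a1, mkdirat(dirfd, path, mode) -> a2.
        mode = (syscall == "83") ? a1 : ((syscall == "258") ? a2 : "")
        if (mode == "1ff")
            print "ALERT pid=" pid " comm=" comm " syscall=" syscall " requested_mode=0777"
    }'
}

# Number of alerts raised over the constructed sample (for scripting and tests).
count_sample_alerts() {
    sample_audit_lines | detect_mkdir_0777 | wc -l | tr -d ' '
}

# Script entry: run the detector over the constructed sample.
sample_audit_lines | detect_mkdir_0777
```

Two caveats when deploying this: syscall numbers are architecture-specific (arm64 has no mkdir, only mkdirat), so derive them with ausearch -i on the target rather than hard-coding; and the record shows the requested mode, while the directory ends up as mode AND NOT umask, so a 0777 request under umask 022 yields 0755. An alert therefore identifies the vulnerable code path; confirm the actual exposure with find -perm -0002 on the created path from the matching PATH record.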
🔗 References
- https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes
- https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes
- https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release