CVE-2026-7888
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction.List of 11,568 websites affected by CVE-2026-7888
The domain names are hidden due to the sensitivity of the data. Please click on the "Contact us" button above to get more information.
| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.com |  United States | **,*** | |
| ***.nl | United States | **,*** | |
| ****************.org | United States | **,*** | |
| *****.**.jp |  Japan | **,*** | |
| **.*********.jp | Japan | **,*** | |
| ******.*******.edu | United States | ***,*** | |
| **.nl |  Netherlands | ***,*** | |
| ***.*********.jp | Japan | ***,*** | |
| *************.org | United States | ***,*** | |
| ***************.com | United States | ***,*** | |
| ****.*******.edu | United States | ***,*** | |
| **********************.ch |  Switzerland | ***,*** | |
| *************************************************.***.au |  Australia | ***,*** | |
| ******************.com | United States | ***,*** | |
| **************.org | United States | ***,*** | |
| ****.***.edu | United States | ***,*** | |
| ************.org | United States | ***,*** | |
| ****.eu |  Belgium | ***,*** | |
| ****************.**.uk |  GB | ***,*** | |
| *****.com | United States | ***,*** |