Total
87 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-40097 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. | |||||
CVE-2021-22970 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SSRF Mitigation Bypass through DNS RebindingConcrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:NConcrete CMS is maintaining Concrete version 8.5.x until 1 May 2022 for security fixes.This CVE is shared with HackerOne Reports https://hackerone.com/reports/1364797 and https://hackerone.com/reports/1360016Reporters: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) and Bipul Jaiswal | |||||
CVE-2021-40099 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. | |||||
CVE-2021-40105 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. | |||||
CVE-2021-40100 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. | |||||
CVE-2021-22967 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit messageā.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H | |||||
CVE-2021-40102 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method). | |||||
CVE-2021-22951 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations were put in place a. restricting file types for view_inline to images only b. putting a warning in the file manager to advise users.Credit for discovery: "Solar Security Research Team"Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis fix is also in Concrete version 9.0.0 | |||||
CVE-2021-40108 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. | |||||
CVE-2021-22949 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team" | |||||
CVE-2021-36766 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. | |||||
CVE-2021-3111 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. | |||||
CVE-2021-28145 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. | |||||
CVE-2020-11476 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. | |||||
CVE-2020-24986 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands. | |||||
CVE-2020-14961 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. | |||||
CVE-2011-3183 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier. | |||||
CVE-2018-19146 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. | |||||
CVE-2018-13790 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. | |||||
CVE-2017-18195 | 1 Concretecms | 1 Concrete Cms | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers. |