Filtered by vendor Concretecms
Subscriptions
Total
85 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-14961 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 5.3 Medium |
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. | ||||
CVE-2020-11476 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 7.2 High |
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. | ||||
CVE-2021-40101 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 7.2 High |
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password. | ||||
CVE-2021-40108 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 8.8 High |
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. | ||||
CVE-2021-40106 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 6.1 Medium |
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. | ||||
CVE-2021-40104 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 7.5 High |
An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. | ||||
CVE-2021-40100 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 5.4 Medium |
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. | ||||
CVE-2021-40103 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 7.5 High |
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. | ||||
CVE-2021-40109 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 6.4 Medium |
A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded. | ||||
CVE-2021-40105 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 6.1 Medium |
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. | ||||
CVE-2021-40097 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 8.8 High |
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. | ||||
CVE-2021-40098 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 9.8 Critical |
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression. | ||||
CVE-2021-40102 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 9.1 Critical |
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method). | ||||
CVE-2021-40099 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 7.2 High |
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. | ||||
CVE-2021-36766 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 7.2 High |
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. | ||||
CVE-2021-28145 | 1 Concretecms | 1 Concrete Cms | 2024-08-03 | 5.4 Medium |
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. | ||||
CVE-2021-22950 | 1 Concretecms | 1 Concrete Cms | 2024-08-03 | 6.5 Medium |
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team" | ||||
CVE-2021-22958 | 1 Concretecms | 1 Concrete Cms | 2024-08-03 | 9.8 Critical |
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N | ||||
CVE-2021-22954 | 1 Concretecms | 1 Concrete Cms | 2024-08-03 | 8.8 High |
A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users. | ||||
CVE-2021-22951 | 1 Concretecms | 1 Concrete Cms | 2024-08-03 | 7.5 High |
Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations were put in place a. restricting file types for view_inline to images only b. putting a warning in the file manager to advise users.Credit for discovery: "Solar Security Research Team"Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis fix is also in Concrete version 9.0.0 |