Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:concretecms:concrete_cms:5.6.1.2:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-40108 |
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. Published: September 27, 2021; 9:15:08 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-40106 |
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. Published: September 27, 2021; 8:15:08 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-40105 |
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. Published: September 27, 2021; 8:15:08 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-40104 |
An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. Published: September 27, 2021; 8:15:08 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-40103 |
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. Published: September 27, 2021; 8:15:08 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-40098 |
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression. Published: September 27, 2021; 8:15:08 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-40097 |
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. Published: September 27, 2021; 8:15:07 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-40102 |
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method). Published: September 24, 2021; 11:15:08 AM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2021-40100 |
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. Published: September 24, 2021; 11:15:08 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2021-40099 |
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. Published: September 24, 2021; 11:15:08 AM -0400 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-22953 |
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team" Published: September 23, 2021; 9:15:09 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2021-22950 |
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team" Published: September 23, 2021; 9:15:08 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-22949 |
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team" Published: September 23, 2021; 9:15:08 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2021-36766 |
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Published: July 30, 2021; 10:15:18 AM -0400 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-28145 |
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. Published: March 18, 2021; 12:15:14 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2021-3111 |
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. Published: January 08, 2021; 10:15:12 AM -0500 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2020-24986 |
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands. Published: September 04, 2020; 4:15:11 PM -0400 |
V3.1: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2020-11476 |
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. Published: July 28, 2020; 5:15:14 PM -0400 |
V3.1: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2020-14961 |
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. Published: June 21, 2020; 8:15:10 PM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2017-18195 |
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers. Published: February 26, 2018; 12:29:00 PM -0500 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |