Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:concretecms:concrete_cms:8.5.0:rc1:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-22951 |
Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations were put in place a. restricting file types for view_inline to images only b. putting a warning in the file manager to advise users.Credit for discovery: "Solar Security Research Team"Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis fix is also in Concrete version 9.0.0 Published: November 19, 2021; 2:15:08 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-22958 |
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Published: October 07, 2021; 10:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-40109 |
A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded. Published: September 27, 2021; 9:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2021-40108 |
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. Published: September 27, 2021; 9:15:08 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-40106 |
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. Published: September 27, 2021; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-40105 |
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. Published: September 27, 2021; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-40104 |
An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. Published: September 27, 2021; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-40103 |
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. Published: September 27, 2021; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-40098 |
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression. Published: September 27, 2021; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-40097 |
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. Published: September 27, 2021; 8:15:07 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-40102 |
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method). Published: September 24, 2021; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2021-40100 |
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. Published: September 24, 2021; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2021-40099 |
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. Published: September 24, 2021; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-22953 |
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team" Published: September 23, 2021; 9:15:09 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2021-22950 |
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team" Published: September 23, 2021; 9:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-22949 |
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team" Published: September 23, 2021; 9:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2021-36766 |
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Published: July 30, 2021; 10:15:18 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-28145 |
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. Published: March 18, 2021; 12:15:14 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2021-3111 |
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. Published: January 08, 2021; 10:15:12 AM -0500 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2020-24986 |
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands. Published: September 04, 2020; 4:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 9.0 HIGH |