Vulmon
concretecms concrete cms vulnerabilities and exploits
6.8
CVSSv2
CVE-2021-40108
An issue exists in Concrete CMS up to and including 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint.
Concretecms Concrete Cms
5.5
CVSSv2
CVE-2021-40109
An SSRF issue exists in Concrete CMS up to and including 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed a...
Concretecms Concrete Cms
6.5
CVSSv2
CVE-2021-40097
An issue exists in Concrete CMS up to and including 8.5.5. Authenticated path traversal leads to remote code execution via uploaded PHP code, related to the bFilename parameter.
Concretecms Concrete Cms
7.5
CVSSv2
CVE-2021-40098
An issue exists in Concrete CMS up to and including 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression.
Concretecms Concrete Cms
5
CVSSv2
CVE-2021-40103
An issue exists in Concrete CMS up to and including 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF.
Concretecms Concrete Cms
5
CVSSv2
CVE-2021-40104
An issue exists in Concrete CMS up to and including 8.5.5. There is an SVG sanitizer bypass.
Concretecms Concrete Cms
4.3
CVSSv2
CVE-2021-40105
An issue exists in Concrete CMS up to and including 8.5.5. There is XSS via Markdown Comments.
Concretecms Concrete Cms
4.3
CVSSv2
CVE-2021-40106
An issue exists in Concrete CMS up to and including 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.
Concretecms Concrete Cms
6.5
CVSSv2
CVE-2021-40099
An issue exists in Concrete CMS up to and including 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.
Concretecms Concrete Cms
3.5
CVSSv2
CVE-2021-40100
An issue exists in Concrete CMS up to and including 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.
Concretecms Concrete Cms