Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
concretecms concrete cms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2022-30118
Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9....
Concretecms Concrete Cms
NA
CVE-2023-48648
Concrete CMS prior to 8.5.13 and 9.x prior to 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions c...
Concretecms Concrete Cms
NA
CVE-2023-48649
Concrete CMS prior to 8.5.13 and 9.x prior to 9.2.2 allows stored XSS on the Admin page via an uploaded file name.
Concretecms Concrete Cms
NA
CVE-2023-48652
Concrete CMS 9 prior to 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated.
Concretecms Concrete Cms
4.3
CVSSv2
CVE-2011-3183
A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and previous versions.
Concretecms Concrete Cms
6.5
CVSSv2
CVE-2021-22968
A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensio...
Concretecms Concrete Cms
1 Github repository
9
CVSSv2
CVE-2020-24986
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
Concretecms Concrete Cms
6.5
CVSSv2
CVE-2018-13790
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.
Concretecms Concrete Cms 8.2.0
6.5
CVSSv2
CVE-2015-4724
SQL injection vulnerability in Concrete5 5.7.3.1.
Concretecms Concrete Cms 5.7.3.1
4.3
CVSSv2
CVE-2015-4721
Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1.
Concretecms Concrete Cms 5.7.3.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »