Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
concretecms concrete cms vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-40102
An issue exists in Concrete CMS up to and including 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method).
Concretecms Concrete Cms
5.4
CVSSv3
CVE-2021-22949
A CSRF in Concrete CMS version 8.5.5 and below allows an malicious user to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"
Concretecms Concrete Cms
6.5
CVSSv3
CVE-2021-22950
Concrete CMS before 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"
Concretecms Concrete Cms
5.4
CVSSv3
CVE-2021-22953
A CSRF in Concrete CMS version 8.5.5 and below allows an malicious user to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"
Concretecms Concrete Cms
7.2
CVSSv3
CVE-2021-36766
Concrete5 up to and including 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sa...
Concretecms Concrete Cms
5.4
CVSSv3
CVE-2021-28145
Concrete CMS (formerly concrete5) prior to 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.
Concretecms Concrete Cms
4.8
CVSSv3
CVE-2021-3111
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
Concretecms Concrete Cms
7.2
CVSSv3
CVE-2020-24986
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
Concretecms Concrete Cms
7.2
CVSSv3
CVE-2020-11476
Concrete5 prior to 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.
Concretecms Concrete Cms
5.3
CVSSv3
CVE-2020-14961
Concrete5 prior to 8.5.3 does not constrain the sort direction to a valid asc or desc value.
Concretecms Concrete Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »