Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
concretecms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-43693
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
Concretecms Concrete Cms
NA
CVE-2022-43694
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output.
Concretecms Concrete Cms
NA
CVE-2022-43695
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exis...
Concretecms Concrete Cms
NA
CVE-2022-43967
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
Concretecms Concrete Cms
5
CVSSv2
CVE-2020-14961
Concrete5 prior to 8.5.3 does not constrain the sort direction to a valid asc or desc value.
Concretecms Concrete Cms
5
CVSSv2
CVE-2017-18195
An issue exists in tools/conversations/view_ajax.php in Concrete5 prior to 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
Concretecms Concrete Cms
1 EDB exploit
6.5
CVSSv2
CVE-2021-36766
Concrete5 up to and including 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sa...
Concretecms Concrete Cms
6.5
CVSSv2
CVE-2021-40097
An issue exists in Concrete CMS up to and including 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
Concretecms Concrete Cms
7.5
CVSSv2
CVE-2021-40098
An issue exists in Concrete CMS up to and including 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression.
Concretecms Concrete Cms
6.5
CVSSv2
CVE-2021-40099
An issue exists in Concrete CMS up to and including 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.
Concretecms Concrete Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »