Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv3

CVE-2021-40109

Published: 27/09/2021 Updated: 30/09/2021
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.4 | Impact Score: 2.7 | Exploitability Score: 3.1
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Subscribe to Concrete Cms

Vulnerability Summary

A SSRF issue exists in Concrete CMS up to and including 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

concretecms concrete cms

References

CWE-918https://hackerone.com/reports/1102105https://documentation.concretecms.org/developers/introduction/version-history/856-release-noteshttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook