Vulners
Lucene search
CVE-2021-36766
🗓️ 27 Jul 2021 05:38:42Reported by mitreType 
cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 87 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | CVE-2021-36766 | 30 Jul 202118:21 | – | circl |
 | Portlandlabs Concrete5 代码问题漏洞 | 20 Jul 202100:00 | – | cnnvd |
 | Portlandlabs Concrete5 code issue vulnerability | 21 Jul 202100:00 | – | cnvd |
 | CVE-2021-36766 | 27 Jul 202105:38 | – | cvelist |
 | A8: Insecure Deserialization ❗️ — Top 10 OWASP 2017 | 28 Sep 202106:31 | – | d0znpp |
 | EUVD-2021-23354 | 7 Oct 202500:30 | – | euvd |
 | Concrete CMS: Phar Deserialization Vulnerability via Logging Settings | 20 Dec 202017:38 | – | hackerone |
 | CVE-2021-36766 | 30 Jul 202114:15 | – | nvd |
 | Concrete5 <= 8.5.5 Phar Deserialization Vulnerability | 2 Aug 202100:00 | – | openvas |
 | Code injection | 30 Jul 202114:15 | – | prion |
10
Node
| Source | Link |
|---|---|
| hackerone | www.hackerone.com/reports/1063039 |
| packetstormsecurity | www.packetstormsecurity.com/files/163564/Concrete5-8.5.5-Phar-Deserialization.html |
| seclists | www.seclists.org/fulldisclosure/2021/Jul/36 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| logFile | query param | controllers/single_page/dashboard/system/environment/logging.php | Deserialized untrusted input via logFile parameter leading to PHP Object Injection (phar://) and potential arbitrary code execution. | CWE-502 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Nov 2024 06:14Current
7.1High risk
Vulners AI Score7.1
CVSS 26.5
CVSS 3.17.2
EPSS0.01543