An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename...
8.8CVSS
9AI Score
0.004EPSS
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular...
9.8CVSS
9.3AI Score
0.002EPSS
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and...
7.5CVSS
7.5AI Score
0.002EPSS
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website...
6.1CVSS
5.9AI Score
0.001EPSS
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown...
6.1CVSS
5.9AI Score
0.001EPSS
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic...
9.1CVSS
9.3AI Score
0.003EPSS
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code...
7.2CVSS
7.3AI Score
0.006EPSS
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich...
5.4CVSS
5.1AI Score
0.001EPSS
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research...
6.5CVSS
6.4AI Score
0.001EPSS
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research...
5.4CVSS
5.5AI Score
0.001EPSS
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research...
5.4CVSS
5.5AI Score
0.001EPSS
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a....
7.2CVSS
7.2AI Score
0.01EPSS
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor...
5.4CVSS
4.9AI Score
0.001EPSS
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/...
4.8CVSS
4.7AI Score
0.005EPSS
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary...
7.2CVSS
7.2AI Score
0.001EPSS
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar...
7.2CVSS
6.9AI Score
0.003EPSS
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc...
5.3CVSS
5.2AI Score
0.001EPSS
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT...
4.8CVSS
5.7AI Score
0.001EPSS
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager...
7.2CVSS
6.9AI Score
0.001EPSS
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID'...
5.3CVSS
5.2AI Score
0.005EPSS
6.1CVSS
6AI Score
0.001EPSS
8.8CVSS
8AI Score
0.001EPSS
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide...
6.5CVSS
6.8AI Score
0.003EPSS
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored...
6.1CVSS
6AI Score
0.003EPSS
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in...
5.9AI Score
0.012EPSS
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to...
6.3AI Score
0.002EPSS
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6)...
7.4AI Score
0.007EPSS