Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.6 views

CVE-2021-22970

Concrete CMS formerly concrete5 versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SS...

7.5CVSS6.7AI score0.01438EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/11/22 12:0 a.m.23 views

Concrete CMS < 8.5.7 Multiple Vulnerabilities

Concrete CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:concretecms:concretecms"; if...

8.8CVSS7.5AI score0.03132EPSS
Exploits1References1
Circl
Circl
added 2021/11/19 10:17 p.m.6 views

CVE-2021-22970

creationtimestamp| type| source ---|---|--- 2021-11-19 22:17:19+00:00| published-proof-of-concept| https://t.me/cibsecurity/32744...

7.5CVSS7.3AI score0.01438EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/11/19 6:8 p.m.32 views

CVE-2021-22970

Concrete CMS formerly concrete5 versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SS...

7.8AI score0.01438EPSS
Exploits0References3
CVE
CVE
added 2021/11/19 6:8 p.m.78 views

CVE-2021-22970

Concrete CMS (concrete5) vulnerable versions: 8.5.6 and earlier, and 9.0.0, expose a Server-Side Request Forgery (SSRF) flaw via local IP importing that enables reading files on the private LAN and potential network pivoting. The root cause is described as SSRF with DNS rebinding as a bypass; exp...

7.5CVSS7.4AI score0.01438EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder