Lucene search
K

4 matches found

EUVD
EUVD
added 2026/05/22 12:31 a.m.13 views

EUVD-2026-31359

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

6.3CVSS5.8AI score0.00194EPSS
Exploits0References2
OSV
OSV
added 2026/03/04 3:16 a.m.2 views

CVE-2026-2994

Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator using the Anti-Spam Allowlist Group Configuration via groupid parameter which can leads to a security bypass since changes are saved prior to checking the CSRF token. The Concrete CMS security team gave this vulnerabilit...

6.8CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.15 views

PortlandLabs Concrete CMS 代码问题漏洞

PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . An arbitrary file upload vulnerability exists in PortlandLabs Concrete CMS version v9.2.1, which stems from the application's lack of effective validation of uploaded...

5.4CVSS7.7AI score0.00585EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/09/27 12:0 a.m.3 views

PortlandLabs Concrete CMS 安全漏洞

PortlandLabs Concrete Cms is a team-oriented open source content management system for the United States PortlandLabs . A security vulnerability exists in PortlandLabs Concrete CMS 8.5.5 and earlier, which stems from an "SVG Sanitizer" bypass issue with the program. No details of the...

7.5CVSS7.4AI score0.01279EPSS
Exploits0References2
Rows per page
Query Builder