391 matches found
Allocation of Resources Without Limits or Throttling
Overview: concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the File Manager’s bulk download functionality due to improper memory management when creating zip archives. An attacker can cau...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the groupid parameter in the Anti-Spam Allowlist Group configuration. An attacker can perform unauthorized actions by tricking a logged-in administrator into submitting a crafted request, resulting in...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the columns parameter in the Express Entry List block configuration. An attacker can execute arbitrary code on the server by injecting crafted serialized data that is later processed without proper...
Concrete5 5.7.3.1 Cross Site Scripting
Multiple cross site scripting vulnerabilities exist in Concrete5 CMS version 5.7.3.1. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
GHSA-R7VR-WG3F-8HR9 Concrete5 CMS contains an XPath injection vulnerability
Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information...
Concrete5 CMS contains an XPath injection vulnerability
Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information...
EUVD-2026-2462
Concrete5 CMS contains an XPath injection vulnerability...
PT-2026-2973
Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information...
CVE-2022-50807
Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue...
CVE-2022-50807
This CVE entry is rejected/not used and does not represent an active vulnerability entry.
PT-2026-2364
Name of the Vulnerable Software and Affected Versions: Concrete5 CMS version 9.1.3. Description: Concrete5 CMS version 9.1.3 is subject to an XPath injection issue. Attackers can manipulate URL path parameters with malicious payloads. By sending crafted requests, attackers may be able to extract...
CVE-2021-41461
Cross-site scripting (XSS) vulnerability in concrete/elements/collectionadd.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter...
CVE-2020-24986
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands...
EUVD-2021-2356
Malware in sbrugna...
EUVD-2014-5006
Malware in sbrugna...
EUVD-2015-2356
Malware in sbrugna...
EUVD-2021-2139
Malware in sbrugna...
EUVD-2017-9329
Malware in sbrugna...
EUVD-2017-17045
Malware in sbrugna...