EUVD-2017-9329
Malware in sbrugna...
EUVD-2015-4019
Malware in sbrugna...
CVE-2021-36766
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging method. User input passed through the logFile request parameter is not properly sanitized before being used in a ca...
CVE-2018-19146
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads by administrators of SVG files that may contain HTML data with a SCRIPT element...
Unrestricted file upload
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file...
CVE-2020-11476
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file...
Design/Logic Flaw
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads by administrators of SVG files that may contain HTML data with a SCRIPT element...
CVE-2018-19146
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads by administrators of SVG files that may contain HTML data with a SCRIPT element...
CVE-2017-18195
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers...
concrete5 index.php/tools/required/files/permissions searchInstance Parameter XSS
concrete5 index.php/tools/required/files/permissions searchInstance Parameter XSS. Webapps exploit for the PHP platform (source: http://www.securityfocus.com/bid/53640/info). Concrete CMS is prone to the following vulnerabilities because it fails to properly handle user-supplied input. 1. Multiple cross-sit...