3 matches found
CVE-2021-22951
Unauthorized individuals could view password protected files using viewinline in Concrete CMS previously concrete 5 prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations...
Concrete CMS < 8.5.7 Multiple Vulnerabilities
Concrete CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:concretecms:concretecms"; if...
CVE-2021-22951
CVE-2021-22951 affects Concrete CMS (formerly concrete5) prior to 8.5.7. Unauthorized individuals could view password-protected files via the view_inline functionality, exposing protected content. The root cause was that view_inline could render a file even if it had a password. Mitigations imple...