27 matches found
CVE-2021-22953
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"...
EUVD-2021-10077
Malware in sbrugna...
EUVD-2021-10080
Malware in sbrugna...
EUVD-2021-10078
Malware in sbrugna...
EUVD-2021-2391
Malware in sbrugna...
CVE-2021-22951
Unauthorized individuals could view password protected files using viewinline in Concrete CMS previously concrete 5 prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations...
CVE-2021-22950
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"...
CVE-2021-22951
Unauthorized individuals could view password protected files using viewinline in Concrete CMS previously concrete 5 prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations...
CVE-2021-22951
CVE-2021-22951 affects Concrete CMS (formerly concrete5) prior to 8.5.7. Unauthorized individuals could view password-protected files via the view_inline functionality, exposing protected content. The root cause was that view_inline could render a file even if it had a password. Mitigations imple...
CVE-2021-22953
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"...
CVE-2021-22950
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"...
CVE-2021-22949
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"...
CVE-2021-22950
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"...
Session fixation
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"...
Cross site request forgery (csrf)
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"...
Cross site request forgery (csrf)
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"...
CVE-2021-22953
Concrete CMS CVE-2021-22953 is a CSRF flaw affecting version 8.5.5 and earlier. The vulnerability allows an attacker to clone topics, causing UI inconvenience and potential disk-space exhaustion. Affected product/version: Concrete CMS 8.5.5 and below. Root cause: cross-site request forgery in top...
CVE-2021-22953
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"...
CVE-2021-22950
Concrete CMS prior to version 8.5.6 has a cross-site request forgery (CSRF) vulnerability that allows deletion of attachments in the conversation section comments. The issue is documented across multiple feeds (CVE-2021-22950) with an NVD CVSS 3.1 base score of 6.5 (Network, Low attack complexity...
CVE-2021-22950
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"...