Lucene search
+L

7 matches found

NVD
NVD
added 2021/09/23 1:15 p.m.22 views

CVE-2021-22949

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"...

5.8CVSS0.00346EPSS
Exploits0References2
Prion
Prion
added 2021/09/23 1:15 p.m.15 views

Cross site request forgery (csrf)

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"...

5.8CVSS5.5AI score0.00346EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/09/23 12:40 p.m.47 views

CVE-2021-22949

CVE-2021-22949 is a CSRF in Concrete CMS versions 8.5.5 and earlier that allows an attacker to duplicate files, causing UI issues and potential disk-space exhaustion. The root cause is cross-site request forgery affecting file-duplication functionality; no exploit details are provided beyond this...

5.8CVSS6.4AI score0.00346EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/08/30 4:13 p.m.51 views

GHSA-H76R-VGF3-J6W5 October CMS auth bypass and account takeover

Impact An attacker can exploit this vulnerability to bypass authentication using a specially crafted persist cookie. - To exploit this vulnerability, an attacker must obtain a Laravel’s secret key for cookie encryption and signing. - Due to the logic of how this mechanism works, a targeted user...

7.4CVSS8.5AI score0.00895EPSS
Exploits0References5
OSV
OSV
added 2021/08/30 4:13 p.m.45 views

GHSA-MXR5-MC97-63RC Account Takeover in Octobercms

Impact An attacker can request an account password reset and then gain access to the account using a specially crafted request. - To exploit this vulnerability, an attacker must know the username of an administrator and have access to the password reset form. Patches - Issue has been patched in...

8.2CVSS9.1AI score0.90418EPSS
Exploits1References6
Hacker One
Hacker One
added 2021/02/12 10:41 a.m.67 views

Concrete CMS: Authenticated path traversal to RCE

crayons Description The bFilename parameter in the scenario index.php/ccm/system/dialogs/block/design/submit is vulnerable to remote code execution via path traversal vulnerability. Authenticated attacker with rights to edit web application pages can upload malicious PNG file containing PHP code...

6.5CVSS9AI score0.02425EPSS
Exploits0
Hacker One
Hacker One
added 2021/02/05 12:56 p.m.18 views

ImpressCMS: CSRF to XSS in /htdocs/modules/system/admin.php

The "admin.php" file in the "system" module of ImpressCMS version 1.4.2 was vulnerable to a Cross-Site Scripting XSS attack. This vulnerability allowed an attacker to execute malicious scripts in the context of an authorized user by exploiting a lack of input sanitization. The vulnerability was...

6.5AI score
Exploits0
Rows per page
Query Builder