Concrete Cms Security Vulnerabilities and Issues — Concrete Cms CVE List

Lucene search

ConcretecmsConcrete Cms

6 matches found

CVE•added 2022/02/09 11:15 p.m.•83 views

CVE-2021-22954

A cross-site request forgery vulnerability exists in Concrete CMS

8.8CVSS8.5AI score0.00189EPSS

CVE•added 2022/11/14 5:15 p.m.•66 views

CVE-2022-43693

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.

8.8CVSS8.8AI score0.00597EPSS

CVE•added 2021/09/27 1:15 p.m.•57 views

CVE-2021-40108

An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint.

8.8CVSS8.6AI score0.00125EPSS

CVE•added 2021/09/27 12:15 p.m.•54 views

CVE-2021-40097

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.

8.8CVSS9AI score0.04123EPSS

CVE•added 2021/11/19 7:15 p.m.•50 views

CVE-2021-22966

Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissi...

8.8CVSS8.8AI score0.00267EPSS

CVE•added 2017/09/07 8:29 p.m.•37 views

CVE-2015-4724

SQL injection vulnerability in Concrete5 5.7.3.1.

8.8CVSS9AI score0.00216EPSS