Lucene search
Veracode Vulnerability DatabaseVERACODE:36214HistoryJun 30, 2022 - 9:02 a.m.
Remote Code Execution (RCE)
2022-06-3009:02:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.006 Low
EPSS
Percentile
77.8%
concrete5/core is vulnerable to remote code execution. The vulnerability exists due to insecure http requests which allow an attacker to inject and execute arbitrary codes into the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| concrete5/core | le | 8.5.7 | |
| concrete5/core | le | 9.0.2 | |
| concrete5/core | le | 8.5.7 | |
| concrete5/core | le | 9.0.2 |
References
documentation.concretecms.org/developers/introduction/version-history/858-release-notes
documentation.concretecms.org/developers/introduction/version-history/910-release-notes,
github.com/advisories/GHSA-6xc4-7fmm-65q2
github.com/concretecms/concretecms-core/commit/3360e39da7ea95e3196d966d25801f9346c4774e
github.com/concretecms/concretecms-core/commit/e35f5af37b0ce22133a875fb2f338bc7dc3115f7
hackerone.com/reports/1482520
hackerone.com/reports/1482520,
Related
prion
prion
Cross site request forgery (csrf)
2022-06-24 15:15:00
cnvd
cnvd
PortlandLabs Concrete Cms Remote Code Execution Vulnerability
2022-06-28 00:00:00
nvd
nvd
CVE-2022-21829
2022-06-24 15:15:10
github
github
Code injection in concrete CMS
2022-06-25 00:00:53
cve
cve
CVE-2022-21829
2022-06-24 15:15:10
osv
osv
Code injection in concrete CMS
2022-06-25 00:00:53
cvelist
cvelist
CVE-2022-21829
2022-06-24 15:00:05