Vulnerabilities > Concretecms > Concrete CMS > 8.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-22949 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team" | 5.8 |
| 2021-09-23 | CVE-2021-22950 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team" | 4.3 |
| 2021-09-23 | CVE-2021-22953 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team" | 5.8 |
| 2021-07-30 | CVE-2021-36766 | Deserialization of Untrusted Data vulnerability in Concretecms Concrete CMS Concrete5 through 8.5.5 deserializes Untrusted Data. | 6.5 |
| 2021-03-18 | CVE-2021-28145 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. | 3.5 |
| 2021-01-08 | CVE-2021-3111 | Cross-site Scripting vulnerability in Concretecms Concrete CMS The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. | 3.5 |
| 2020-09-04 | CVE-2020-24986 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. | 9.0 |
| 2020-07-28 | CVE-2020-11476 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. | 9.0 |
| 2020-06-22 | CVE-2020-14961 | Unspecified vulnerability in Concretecms Concrete CMS Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. | 5.0 |
| 2018-07-09 | CVE-2018-13790 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS 8.2.0 A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. | 6.5 |