Vulnerabilities > Concretecms > Concrete CMS > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-17 | CVE-2023-48648 | Incorrect Default Permissions vulnerability in Concretecms Concrete CMS Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. | 9.8 |
| 2022-06-24 | CVE-2022-21829 | Cleartext Transmission of Sensitive Information vulnerability in Concretecms Concrete CMS Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. | 9.8 |
| 2020-09-04 | CVE-2020-24986 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. | 9.0 |
| 2020-07-28 | CVE-2020-11476 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. | 9.0 |