Vulnerabilities > Concretecms > Concrete CMS > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-17 | CVE-2023-48648 | Incorrect Default Permissions vulnerability in Concretecms Concrete CMS. Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. | 9.8 |
2022-06-24 | CVE-2022-30117 | Path Traversal vulnerability in Concretecms Concrete CMS. Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. | 9.1 |
2022-06-24 | CVE-2022-21829 | Cleartext Transmission of Sensitive Information vulnerability in Concretecms Concrete CMS. Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. | 9.8 |
2021-10-07 | CVE-2021-22958 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS. A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. | 9.8 |
2021-09-27 | CVE-2021-40098 | Path Traversal vulnerability in Concretecms Concrete CMS. An issue was discovered in Concrete CMS through 8.5.5. | 9.8 |
2021-09-24 | CVE-2021-40102 | Deserialization of Untrusted Data vulnerability in Concretecms Concrete CMS. An issue was discovered in Concrete CMS through 8.5.5. | 9.1 |