Vulnerabilities > Concretecms > Concrete CMS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-27 | CVE-2021-40103 | Path Traversal vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 7.5 |
| 2021-09-27 | CVE-2021-40104 | Unspecified vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 7.5 |
| 2021-09-24 | CVE-2021-40099 | Unspecified vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 7.2 |
| 2021-07-30 | CVE-2021-36766 | Deserialization of Untrusted Data vulnerability in Concretecms Concrete CMS Concrete5 through 8.5.5 deserializes Untrusted Data. | 7.2 |
| 2020-09-04 | CVE-2020-24986 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. | 7.2 |
| 2020-07-28 | CVE-2020-11476 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. | 7.2 |
| 2018-07-09 | CVE-2018-13790 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS 8.2.0 A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. | 7.2 |
| 2017-09-07 | CVE-2015-4724 | SQL Injection vulnerability in Concretecms Concrete CMS 5.7.3.1 SQL injection vulnerability in Concrete5 5.7.3.1. | 8.8 |