Vulnerabilities > Concretecms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-09 | CVE-2018-13790 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS 8.2.0 A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. | 7.2 |
| 2018-02-26 | CVE-2017-18195 | Unspecified vulnerability in Concretecms Concrete CMS An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. | 5.3 |
| 2017-09-07 | CVE-2015-4724 | SQL Injection vulnerability in Concretecms Concrete CMS 5.7.3.1 SQL injection vulnerability in Concrete5 5.7.3.1. | 8.8 |
| 2017-09-07 | CVE-2015-4721 | Cross-site Scripting vulnerability in Concretecms Concrete CMS 5.7.3.1 Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. | 6.1 |
| 2017-04-24 | CVE-2017-8082 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS 8.1.0 concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. | 6.5 |
| 2017-04-13 | CVE-2017-7725 | Cross-site Scripting vulnerability in Concretecms Concrete CMS 8.1.0 concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. | 6.1 |