Vulnerabilities > Concretecms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-19 | CVE-2021-22966 | Incorrect Authorization vulnerability in Concretecms Concrete CMS Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. | 8.8 |
| 2021-11-19 | CVE-2021-22967 | Authorization Bypass Through User-Controlled Key vulnerability in Concretecms Concrete CMS In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message”.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H | 7.5 |
| 2021-11-19 | CVE-2021-22968 | Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions. | 7.2 |
| 2021-11-19 | CVE-2021-22969 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . | 5.3 |
| 2021-11-19 | CVE-2021-22970 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. | 7.5 |
| 2021-10-07 | CVE-2021-22958 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. | 9.8 |
| 2021-09-27 | CVE-2021-40108 | Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 8.8 |
| 2021-09-27 | CVE-2021-40109 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS A SSRF issue was discovered in Concrete CMS through 8.5.5. | 6.4 |
| 2021-09-27 | CVE-2021-40097 | Path Traversal vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 8.8 |
| 2021-09-27 | CVE-2021-40098 | Path Traversal vulnerability in Concretecms Concrete CMS An issue was discovered in Concrete CMS through 8.5.5. | 9.8 |