Vulnerabilities > Concretecms

DATE CVE VULNERABILITY TITLE RISK
2021-11-30 CVE-2021-40101 Incorrect Permission Assignment for Critical Resource vulnerability in Concretecms Concrete CMS
An issue was discovered in Concrete CMS before 8.5.7.
network
low complexity
concretecms CWE-732
7.2
2021-11-19 CVE-2021-22951 Authorization Bypass Through User-Controlled Key vulnerability in Concretecms Concrete CMS
Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7.
network
low complexity
concretecms CWE-639
7.5
2021-11-19 CVE-2021-22966 Incorrect Authorization vulnerability in Concretecms Concrete CMS
Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below.
network
low complexity
concretecms CWE-863
8.8
2021-11-19 CVE-2021-22967 Authorization Bypass Through User-Controlled Key vulnerability in Concretecms Concrete CMS
In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message”.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H
network
low complexity
concretecms CWE-639
7.5
2021-11-19 CVE-2021-22968 Unrestricted Upload of File with Dangerous Type vulnerability in Concretecms Concrete CMS
A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions.
network
low complexity
concretecms CWE-434
7.2
2021-11-19 CVE-2021-22969 Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS
Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N .
network
low complexity
concretecms CWE-918
5.3
2021-11-19 CVE-2021-22970 Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa.
network
low complexity
concretecms CWE-918
7.5
2021-10-07 CVE-2021-22958 Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services.
network
low complexity
concretecms CWE-918
critical
9.8
2021-09-27 CVE-2021-40108 Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS
An issue was discovered in Concrete CMS through 8.5.5.
network
low complexity
concretecms CWE-352
8.8
2021-09-27 CVE-2021-40109 Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS
A SSRF issue was discovered in Concrete CMS through 8.5.5.
network
low complexity
concretecms CWE-918
6.4