Vulnerabilities > Concretecms

DATE	CVE	VULNERABILITY TITLE	RISK
2017-09-07	CVE-2015-4724	SQL Injection vulnerability in Concretecms Concrete CMS 5.7.3.1 SQL injection vulnerability in Concrete5 5.7.3.1. network low complexity concretecms CWE-89	8.8
2017-09-07	CVE-2015-4721	Cross-site Scripting vulnerability in Concretecms Concrete CMS 5.7.3.1 Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. network low complexity concretecms CWE-79	6.1
2017-04-24	CVE-2017-8082	Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS 8.1.0 concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. network low complexity concretecms CWE-352	6.5
2017-04-13	CVE-2017-7725	Cross-site Scripting vulnerability in Concretecms Concrete CMS 8.1.0 concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. network low complexity concretecms CWE-79	6.1

Vulnerabilities > Concretecms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Concretecms"}]}