Vulnerabilities > Concretecms > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-22950 Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"
4.3
2021-09-23 CVE-2021-22953 Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"
5.8
2021-07-30 CVE-2021-36766 Deserialization of Untrusted Data vulnerability in Concretecms Concrete CMS
Concrete5 through 8.5.5 deserializes Untrusted Data.
network
low complexity
concretecms CWE-502
6.5
2020-06-22 CVE-2020-14961 Unspecified vulnerability in Concretecms Concrete CMS
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.
network
low complexity
concretecms
5.0
2020-01-14 CVE-2011-3183 Cross-site Scripting vulnerability in Concretecms Concrete CMS 5.4.1.1
A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.
4.3
2018-07-09 CVE-2018-13790 Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS 8.2.0
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.
network
low complexity
concretecms CWE-918
6.5
2018-02-26 CVE-2017-18195 Unspecified vulnerability in Concretecms Concrete CMS
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0.
network
low complexity
concretecms
5.0
2017-09-07 CVE-2015-4724 SQL Injection vulnerability in Concretecms Concrete CMS 5.7.3.1
SQL injection vulnerability in Concrete5 5.7.3.1.
network
low complexity
concretecms CWE-89
6.5
2017-09-07 CVE-2015-4721 Cross-site Scripting vulnerability in Concretecms Concrete CMS 5.7.3.1
Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1.
4.3
2017-04-24 CVE-2017-8082 Cross-Site Request Forgery (CSRF) vulnerability in Concretecms Concrete CMS 8.1.0
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI.
4.3