Known Vulnerabilities for Concrete Cms by Concretecms
Listed below are 10 of the newest known vulnerabilities associated with the software "Concrete Cms" by "Concretecms".
These CVEs are retrieved based on exact matches on listed software and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-40101 | An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt f... | Not Provided | 2021-11-30 | 2021-11-30 |
| CVE-2021-22970 | Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to b... | Not Provided | 2021-11-19 | 2021-11-19 |
| CVE-2021-22969 | Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacke... | Not Provided | 2021-11-19 | 2021-11-19 |
| CVE-2021-22968 | A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concret... | Not Provided | 2021-11-19 | 2021-11-19 |
| CVE-2021-22967 | In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to ... | Not Provided | 2021-11-19 | 2021-11-19 |
| CVE-2021-22966 | Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view"... | Not Provided | 2021-11-19 | 2021-11-19 |
| CVE-2021-22958 | A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address... | 9.8 - CRITICAL | 2021-10-07 | 2021-11-01 |
| CVE-2021-22953 | A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exh... | 5.4 - MEDIUM | 2021-09-23 | 2021-10-19 |
| CVE-2021-22951 | Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior ... | 5.4 - MEDIUM | 2021-11-19 | 2021-11-19 |
| CVE-2021-22950 | Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be delet... | 6.5 - MEDIUM | 2021-09-23 | 2021-09-30 |