Product:

Concrete_cms

(Concretecms)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 99
Date Id Summary Products Score Patch Annotated
2021-09-24 CVE-2021-40099 An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. Concrete_cms 7.2
2021-09-24 CVE-2021-40100 An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. Concrete_cms 5.4
2021-09-24 CVE-2021-40102 An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method). Concrete_cms 9.1
2021-09-27 CVE-2021-40097 An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. Concrete_cms 8.8
2021-09-27 CVE-2021-40098 An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression. Concrete_cms 9.8
2021-09-27 CVE-2021-40103 An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. Concrete_cms 7.5
2021-09-27 CVE-2021-40104 An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. Concrete_cms 7.5
2021-09-27 CVE-2021-40105 An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. Concrete_cms 6.1
2021-09-27 CVE-2021-40106 An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. Concrete_cms 6.1
2021-09-27 CVE-2021-40108 An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. Concrete_cms 8.8