Concretecms: >> Concrete Cms >> 5.4.1.1 Security Vulnerabilities
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SSRF Mitigation Bypass through DNS RebindingConcrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:NConcrete CMS is maintaining Concrete version 8.5.x until 1 May 2022 for security fixes.This CVE is shared with HackerOne Reports https://hackerone.com/reports/1364797 and https://hackerone.com/reports/1360016Reporters: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) and Bipul Jaiswal
CVSS Score
7.5
EPSS Score
0.004
Published
2021-11-19
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
CVSS Score
9.8
EPSS Score
0.004
Published
2021-10-07
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-09-27
A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded.
CVSS Score
6.4
EPSS Score
0.001
Published
2021-09-27
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-09-27
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-09-27
An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-09-27
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-09-27
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-09-27
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
CVSS Score
8.8
EPSS Score
0.041
Published
2021-09-27