Concretecms: >> Concrete Cms >> 5.7.0.1 Security Vulnerabilities
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method).
CVSS Score
9.1
EPSS Score
0.007
Published
2021-09-24
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"
CVSS Score
5.4
EPSS Score
0.001
Published
2021-09-23
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"
CVSS Score
5.4
EPSS Score
0.001
Published
2021-09-23
Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"
CVSS Score
6.5
EPSS Score
0.001
Published
2021-09-23
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
CVSS Score
7.2
EPSS Score
0.015
Published
2021-07-30
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-03-18
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
CVSS Score
4.8
EPSS Score
0.006
Published
2021-01-08
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
CVSS Score
7.2
EPSS Score
0.01
Published
2020-09-04
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.
CVSS Score
7.2
EPSS Score
0.01
Published
2020-07-28
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-06-22