CVEDB API

Vulnerabilities

Vulnerable Software

Concretecms: >> Concrete Cms >> 5.7.2 Security Vulnerabilities

CVE-2020-11476

Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.

CVSS Score

7.2

EPSS Score

0.01

Published

2020-07-28

CVE-2020-14961

Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.

CVSS Score

5.3

EPSS Score

0.003

Published

2020-06-22

CVE-2017-18195

An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.

CVSS Score

5.3

EPSS Score

0.037

Published

2018-02-26

CVE-2014-9526

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.

CVSS Score

4.3

EPSS Score

0.004

Published

2015-01-05

Page 8

Vulnerabilities

Vulnerable Software

Concretecms: >> Concrete Cms >> 5.7.2 Security Vulnerabilities

Products

Pricing

Contact Us