Concrete5 Core vulnerabilities
9 known vulnerabilities affecting concrete5/core.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 4, LOW 1
Vulnerabilities
CVE-2022-30117 | P3 | CRITICAL | ≥ 9.0.0, < 9.1.0; ≥ 0, < 8.5.8 | 2022-06-25
CVE-2022-30117 [CRITICAL] CWE-22 Path traversal in Concrete CMS
Concrete 8.5.7 and below, as well as Concrete 9.0 through 9.0.2, allow traversal in /index.php/ccm/system/file/upload, which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn't allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations. Concrete CMS S
Sources: GHSA, OSV
CVE-2022-21829 | P3 | HIGH | ≥ 9.0.0, < 9.1.0; ≥ 0, < 8.5.8 | 2022-06-25
CVE-2022-21829 [HIGH] CWE-319 Code injection in concrete CMS
Concrete CMS versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files, which could lead to an RCE. Fixed by enforcing 'concrete_secure' instead of 'concrete'. Concrete now only makes requests over HTTPS, even if a request comes in via HTTP. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit g
Sources: GHSA, OSV
CVE-2021-22966 | P3 | HIGH | ≥ 0, < 8.5.7 | 2021-11-23
CVE-2021-22966 [HIGH] CWE-269 Improper Privilege Management in Concrete CMS
Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissions before allowing a group to be moved.
Sources: GHSA, OSV
CVE-2021-22968 | P3 | HIGH | ≥ 0, < 8.5.7 | 2021-11-23
CVE-2021-22968 [HIGH] CWE-330 Improper file handling in concrete5/core
A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute fo
Sources: GHSA, OSV
CVE-2021-22967 | P3 | MEDIUM | ≥ 0, < 8.5.7 | 2021-11-23
CVE-2021-22967 [MEDIUM] CWE-200 Exposure of sensitive information in concrete5/core
In Concrete CMS (formerly concrete 5) below 8.5.7, an IDOR allows an unauthenticated user to access restricted files if allowed to add a message to a conversation. To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message".
Sources: GHSA, OSV
CVE-2021-22951 | P3 | MEDIUM | ≥ 0, < 8.5.7 | 2021-11-23
CVE-2021-22951 [MEDIUM] CWE-200 Password exposure in concrete5/core
Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered. For version 8.5.6, the following mitigations were put in place: a. restricting file types for view_inline to images only b. putting a warnin
Sources: GHSA, OSV
CVE-2021-22970 | P3 | MEDIUM | ≥ 0, < 8.5.7 | 2021-11-23
CVE-2021-22970 [MEDIUM] CWE-918 Server-Side Request Forgery in Concrete CMS
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to SSRF attacks on the private LAN to servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb.
Sources: GHSA, OSV
CVE-2021-22969 | P4 | MEDIUM | ≥ 0, < 8.5.7 | 2021-11-23
CVE-2021-22969 [MEDIUM] CWE-918 Server-Side Request Forgery in Concrete CMS
Concrete CMS (formerly concrete5) versions below 8.5.7 have an SSRF mitigation bypass using a DNS rebind attack, giving an attacker the ability to fetch cloud IaaS (e.g. AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS. Discoverer.
Sources: GHSA, OSV
CVE-2022-30120 | P4 | LOW | ≥ 9.0.0, < 9.1.0; ≥ 0, < 8.5.8 | 2022-06-25
CVE-2022-30120 [LOW] CWE-79 Cross site scripting in Concrete CMS
XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitization where built URLs are output can be exploited in Concrete 8.5.7 and below, as well as Concrete 9.0 through 9.0.2, to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS S
Sources: GHSA, OSV