CVE-2021-40103
https://notcve.org/view.php?id=CVE-2021-40103
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/1102211 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-40098
https://notcve.org/view.php?id=CVE-2021-40098
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/1102080 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-40097
https://notcve.org/view.php?id=CVE-2021-40097
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to remote code execution via uploaded PHP code, related to the bFilename parameter. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/1102067 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-40099
https://notcve.org/view.php?id=CVE-2021-40099
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/982130
CVE-2021-40100
https://notcve.org/view.php?id=CVE-2021-40100
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. • https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/616770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')