CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2017-18195 – Concrete5 CMS < 8.3.0 - Username / Comments Enumeration
https://notcve.org/view.php?id=CVE-2017-18195
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers. Se ha descubierto un problema en tools/conversations/view_ajax.php en Concrete5, en versiones anteriores a la 8.3.0. Un usuario no autenticado puede enumerar comentarios de todos los posts de blog realizando peticiones POST a /index.php/tools/required/conversations/view_ajax con enteros "cnvID" incrementales. Concrete5 versions prior to 8.3.0 suffers from enumeration vulnerabilities. • https://www.exploit-db.com/exploits/44194 https://github.com/concrete5/concrete5/pull/6008/files https://github.com/concrete5/concrete5/releases/tag/8.3.0 https://github.com/r3naissance/NSE/blob/master/http-vuln-cve2017-18195.nse •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4724
https://notcve.org/view.php?id=CVE-2015-4724
SQL injection vulnerability in Concrete5 5.7.3.1. Existe una vulnerabilidad de inyección SQL en Concrete5 5.7.3.1. • http://hackerone.com/reports/59664 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4721
https://notcve.org/view.php?id=CVE-2015-4721
Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. Existen múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) en Concrete5 5.7.3.1. • http://hackerone.com/reports/59661 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-8082 – concrete5 8.1.0 Thumbnail Editor CSRF / DoS
https://notcve.org/view.php?id=CVE-2017-8082
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators. concrete5 8.1.0 tiene CSRF en el Thumbnail Editor en el File Manager, que permite a atacantes remotos desactivar toda la instalación simplemente engañando a un administrador para que vea una página malintencionada que involucre a /tools/required/files/importers/imageeditor?fID=1&imgData= URI. Esto da lugar a una denegación de servicio en todo el sitio que hace que el sitio no sea accesible a ningún usuario ni a ningún administrador. concrete5 8.1.0 Thumbnail Editor suffers from cross site request forgery and denial of service vulnerabilities. • http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txt https://drive.google.com/open?id=0B3vXUYdNMECWZTd3SFRnUjllWk0 https://twitter.com/insecurity/status/856066923146215425 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2017-7725 – Concrete5 CMS 8.1.0 - 'Host' Header Injection
https://notcve.org/view.php?id=CVE-2017-7725
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector. Concrete5 8.1.0 pone una confianza incorrecta en el encabezado HTTP Host durante el almacenamiento en caché, si el administrador no definió una URL "canonical" en la instalación de concrete5 mediante la configuración de "Advanced Options". Los atacantes remotos pueden hacer una solicitud GET con cualquier nombre de dominio en el encabezado Host; Esto se almacena y permite que se establezcan dominios arbitrarios para ciertos enlaces mostrados a visitantes posteriores, potencialmente un vector XSS. concrete5 version 8.1.0 suffers from a host header injection vulnerability. • https://www.exploit-db.com/exploits/41885 http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt http://www.securityfocus.com/bid/97649 https://hackerone.com/reports/148300 https://packetstormsecurity.com/files/142145/concrete5-8.1.0-Host-Header-Injection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •