CVE-2021-22949
https://notcve.org/view.php?id=CVE-2021-22949
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research Team"
• https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/1102225
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-36766
https://notcve.org/view.php?id=CVE-2021-36766
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
• http://packetstormsecurity.com/files/163564/Concrete5-8.5.5-Phar-Deserialization.html http://seclists.org/fulldisclosure/2021/Jul/36 https://hackerone.com/reports/1063039
• CWE-502: Deserialization of Untrusted Data
CVE-2021-28145
https://notcve.org/view.php?id=CVE-2021-28145
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.
• https://documentation.concrete5.org/developers/introduction/version-history/855-release-notes https://www.concrete5.org/developers/security
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3111 – Concrete5 8.5.4 - 'name' Stored XSS
https://notcve.org/view.php?id=CVE-2021-3111
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. Concrete5 version 8.5.4 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to nu11secur1ty in March of 2021.
• https://www.exploit-db.com/exploits/49721 http://packetstormsecurity.com/files/161600/Concrete5-8.5.4-Cross-Site-Scripting.html http://packetstormsecurity.com/files/161997/Concrete5-8.5.4-Cross-Site-Scripting.html https://documentation.concrete5.org/developers/introduction/version-history https://documentation.concrete5.org/developers/introduction/version-history/855-release-notes https://github.com/Quadron-Research-Lab/CVE/blob/main/CVE-2021-3111.pdf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24986
https://notcve.org/view.php?id=CVE-2020-24986
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
• https://hackerone.com/reports/768322
• CWE-434: Unrestricted Upload of File with Dangerous Type