CVE-2017-8082 – concrete5 8.1.0 Thumbnail Editor CSRF / DoS
https://notcve.org/view.php?id=CVE-2017-8082
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.
concrete5 8.1.0 Thumbnail Editor suffers from cross site request forgery and denial of service vulnerabilities.
• http://zeroday.insecurity.zone/exploits/concrete5_csrf_dos.txt
• https://drive.google.com/open?id=0B3vXUYdNMECWZTd3SFRnUjllWk0
• https://twitter.com/insecurity/status/856066923146215425
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-7725 – Concrete5 CMS 8.1.0 - 'Host' Header Injection
https://notcve.org/view.php?id=CVE-2017-7725
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector.
concrete5 version 8.1.0 suffers from a host header injection vulnerability.
• https://www.exploit-db.com/exploits/41885
• http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt
• http://www.securityfocus.com/bid/97649
• https://hackerone.com/reports/148300
• https://packetstormsecurity.com/files/142145/concrete5-8.1.0-Host-Header-Injection.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-9526
https://notcve.org/view.php?id=CVE-2014-9526
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.
• http://morxploit.com/morxploits/morxconxss.txt
• http://packetstormsecurity.com/files/129446/Concrete5-CMS-5.7.2-5.7.2.1-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2014/Dec/38
• http://www.securityfocus.com/archive/1/534189/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99264
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-5107
https://notcve.org/view.php?id=CVE-2014-5107
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.php, (7) system/permissions/files.php, (8) system/permissions/tasks.php, (9) system/permissions/users.php, (10) system/seo/view.php, (11) view.php, (12) users/attributes.php, (13) scrapbook/view.php, (14) pages/attributes.php, (15) files/attributes.php, or (16) files/search.php in single_pages/dashboard/.
• http://osvdb.org/show/osvdb/109269
• http://packetstormsecurity.com/files/127493/Concrete-5.6.2.1-REFERER-Cross-Site-Scripting.html
• http://www.securityfocus.com/bid/68685
• https://www.concrete5.org/documentation/background/version_history/5-6-3-release-notes
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-5108
https://notcve.org/view.php?id=CVE-2014-5108
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.
• http://osvdb.org/show/osvdb/109273
• http://packetstormsecurity.com/files/127493/Concrete-5.6.2.1-REFERER-Cross-Site-Scripting.html
• http://www.securityfocus.com/bid/68685
• https://www.concrete5.org/documentation/background/version_history/5-6-3-release-notes
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')