CVE-2022-30119
https://notcve.org/view.php?id=CVE-2022-30119
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitization where built URLs are output can be exploited in Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting.
• https://documentation.concretecms.org/developers/introduction/version-history/858-release-notes
• https://documentation.concretecms.org/developers/introduction/version-history/910-release-notes
• https://hackerone.com/reports/1370054
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-22954
https://notcve.org/view.php?id=CVE-2021-22954
A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users.
• https://documentation.concretecms.org/developers/introduction/version-history/90-release-notes
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-40101
https://notcve.org/view.php?id=CVE-2021-40101
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password.
• https://github.com/S1lkys/CVE-2021-40101
• https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
• https://hackerone.com/reports/1065577
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2021-22968
https://notcve.org/view.php?id=CVE-2021-22968
A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration. To fix this, a check for allowed file extensions was added before downloading files to a tmp directory. Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N. This fix is also in Concrete version 9.0.0.
• https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
• https://hackerone.com/reports/1350444
• CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
• CWE-330: Use of Insufficiently Random Values
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-22967
https://notcve.org/view.php?id=CVE-2021-22967
In Concrete CMS (formerly concrete 5) below 8.5.7, an IDOR allows an unauthenticated user to access restricted files if allowed to add a message to a conversation. To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message". Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Credit for discovery: Adrian H.
• https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes
• https://hackerone.com/reports/869612
• CWE-639: Authorization Bypass Through User-Controlled Key