Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Concrete_cms
(Concretecms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 99 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-09-07 | CVE-2015-4724 | SQL injection vulnerability in Concrete5 5.7.3.1. | Concrete_cms | 8.8 | ||
| 2018-07-09 | CVE-2018-13790 | A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. | Concrete_cms | 7.2 | ||
| 2019-06-17 | CVE-2018-19146 | Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. | Concrete_cms | 4.8 | ||
| 2020-01-14 | CVE-2011-3183 | A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier. | Concrete_cms | 6.1 |