concrete5/core Security Advisories for 8.5.6RC1 (9)
-
[CRITICAL] Path traversal in Concrete CMS
PKSA-w385-k342-cg37 CVE-2022-30117 GHSA-3jxh-6635-6jwp
Affected version: <8.5.8|>=9.0.0,<9.1.0
Reported by:
GitHub -
[LOW] Cross site scripting in Concrete CMS
PKSA-2xjy-vwtz-v6rx CVE-2022-30120 GHSA-m2ww-6wv6-vw3c
Affected version: <8.5.8|>=9.0.0,<9.1.0
Reported by:
GitHub -
[HIGH] Code injection in concrete CMS
PKSA-vq6h-116w-22d2 CVE-2022-21829 GHSA-6xc4-7fmm-65q2
Affected version: <8.5.8|>=9.0.0,<9.1.0
Reported by:
GitHub -
[MEDIUM] Server-Side Request Forgery in Concrete CMS
PKSA-c7qt-bjm3-krz8 CVE-2021-22970 GHSA-gqpw-9q54-9x28
Affected version: <8.5.7
Reported by:
GitHub -
[MEDIUM] Server-Side Request Forgery in Concrete CMS
PKSA-hq3g-6kzq-dx63 CVE-2021-22969 GHSA-mcxr-fx5f-96qq
Affected version: <8.5.7
Reported by:
GitHub -
[MEDIUM] Password exposure in concrete5/core
PKSA-vysg-55yk-yyb1 CVE-2021-22951 GHSA-rhf5-f553-xg82
Affected version: <8.5.7
Reported by:
GitHub -
[HIGH] Improper Privilege Management in Concrete CMS
PKSA-4z8z-47md-hnb3 CVE-2021-22966 GHSA-j4mv-2rv7-v2j9
Affected version: <8.5.7
Reported by:
GitHub -
[MEDIUM] Exposure of sensitive information in concrete5/core
PKSA-dm8x-r91h-qh78 CVE-2021-22967 GHSA-m2v2-8227-59f5
Affected version: <8.5.7
Reported by:
GitHub -
[HIGH] Improper file handling in concrete5/core
PKSA-q3cr-p22c-s4q9 CVE-2021-22968 GHSA-g3p2-hfqr-9m25
Affected version: <8.5.7
Reported by:
GitHub