We have previously wrote about Concrete CMS here. In that post we described how we managed to exploit a double race condition vulnerability in the file upload functionality in order to obtain remote command execution. In this blog post we will present multiple vulnerabilities in Concrete CMS that we have found at the end of last year during a pentest for one of our customers. For more info please see the “Mitigations” section regarding security tips for fixing the password poisoning issue and other tips on improving security for Concrete CMS.

Archive

Tag: ssrf

Multiple vulnerabilities in Concrete CMS – part2 (PrivEsc/SSRF/etc)

Would you like to be updated every time we post something cool on our website?
Please subscribe to our newsletter.

CONTACT US

ADDRESS

LINKS

COMPANY

RESOURCE CENTER

SOCIAL MEDIA