Concrete CMS Program Statistics

11 total issues disclosed

$0 total paid publicly

Most disclosed (3 disclosures) — Server-Side Request Forgery (SSRF)



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| SSRF mitigation bypass using DNS Rebind attack | Server-Side Request Forgery (SSRF) | adrian_t | Low | 2022-11-25 |
| open redirect to a remote website which can phish users | Open Redirect | adrian_t | Medium | 2022-11-25 |
| SSRF - pivoting in the private LAN | Server-Side Request Forgery (SSRF) | adrian_t | Low | 2022-11-25 |
| A bypass of adding remote files in concrete5 Filemanager leads to remote code execution | None supplied | byc_404 | Medium | 2021-11-11 |
| Arbitrary File delete via PHAR deserialization | Deserialization of Untrusted Data | reset | High | 2021-10-20 |
| Authenticated path traversal to RCE | Path Traversal | d3addog | High | 2021-10-15 |
| Stored unauth XSS in calendar event via CSRF | Cross-site Scripting (XSS) - Stored | d3addog | Medium | 2021-10-15 |
| Stored XSS in Conversations (both client and admin) when Active Conversation Editor is set to "Rich Text" | Cross-site Scripting (XSS) - Stored | bl4de | Medium | 2021-10-04 |
| SSRF bypass | Server-Side Request Forgery (SSRF) | pabl00nicarres | Low | 2021-10-04 |
| Phar Deserialization Vulnerability via Logging Settings | Deserialization of Untrusted Data | egix | Medium | 2021-09-24 |
| Fetching the update json scheme from concrete5 over HTTP leads to remote code execution | Man-in-the-Middle | pabl00nicarres | High | 2021-09-22 |