Concrete CMS


5 total issues disclosed

$0 total paid publicly


Most disclosed (1 disclosures) — None supplied

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
A bypass of adding remote files in concrete5 FIlemanager leads to remote code execution None supplied byc_404 Medium 2021-11-11
Arbitrary File delete via PHAR deserialization Deserialization of Untrusted Data reset High 2021-10-20
Authenticated path traversal to RCE Path Traversal d3addog High 2021-10-15
Stored unauth XSS in calendar event via CSRF Cross-site Scripting (XSS) - Stored d3addog Medium 2021-10-15
SSRF bypass Server-Side Request Forgery (SSRF) pabl00nicarres Low 2021-10-04