Lucene search
Veracode Vulnerability DatabaseVERACODE:33086HistoryNov 24, 2021 - 1:01 p.m.
Information Disclosure
2021-11-2413:01:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.002 Low
EPSS
Percentile
52.9%
concrete5/core is vulnerable to information disclosure. Password protected files are exposed to any users using view_inline because it does not limit file types for view_inline to images only.
| CPE | Name | Operator | Version |
|---|---|---|---|
| concrete5/core | le | 8.5.6 | |
| concrete5/concrete5 | le | 8.5.6 | |
| concrete5/core | le | 8.5.6 | |
| concrete5/concrete5 | le | 8.5.6 |
Related
github
github
Password exposure in concrete5/core
2021-11-23 18:18:16
cvelist
cvelist
CVE-2021-22951
2021-11-19 18:10:14
nvd
nvd
CVE-2021-22951
2021-11-19 19:15:08
cnvd
cnvd
PortlandLabs Concrete CMS has an unspecified vulnerability (CNVD-2021-94038)
2021-11-23 00:00:00
cve
cve
CVE-2021-22951
2021-11-19 19:15:08
prion
prion
Default credentials
2021-11-19 19:15:00
osv
osv
Password exposure in concrete5/core
2021-11-23 18:18:16
openvas
openvas
Concrete CMS < 8.5.7 Multiple Vulnerabilities
2021-11-22 00:00:00