Skip to content

Latest commit

 

History

History
89 lines (88 loc) · 10.7 KB

TOPCONCRETECMS.md

File metadata and controls

89 lines (88 loc) · 10.7 KB
Raw

Top reports from Concrete CMS program at HackerOne:

  1. Remote Code Execution (Reverse Shell) - File Manager to Concrete CMS - 111 upvotes, $0
  2. Time-base SQL Injection in Search Users to Concrete CMS - 58 upvotes, $0
  3. Password Reset link hijacking via Host Header Poisoning to Concrete CMS - 56 upvotes, $0
  4. SVG file that HTML Included is able to upload via File Manager to Concrete CMS - 26 upvotes, $0
  5. Arbitrary File delete via PHAR deserialization to Concrete CMS - 26 upvotes, $0
  6. XSS in select attribute options to Concrete CMS - 20 upvotes, $0
  7. SSRF thru File Replace to Concrete CMS - 17 upvotes, $0
  8. Reflected XSS vulnerability in Database name field on installation screen to Concrete CMS - 17 upvotes, $0
  9. 'cnvID' parameter vulnerable to Insecure Direct Object References to Concrete CMS - 16 upvotes, $0
  10. Authenticated path traversal to RCE to Concrete CMS - 16 upvotes, $0
  11. Remote Code Execution through Extension Bypass on Log Functionality to Concrete CMS - 15 upvotes, $0
  12. Cross Site Scripting (XSS) Stored - Private messaging to Concrete CMS - 15 upvotes, $0
  13. Local File Inclusion path bypass to Concrete CMS - 13 upvotes, $0
  14. Stored XSS in Headline TextControl element in Express forms [ concrete5 8.1.0 ] to Concrete CMS - 12 upvotes, $0
  15. Unauthenticated reflected XSS in preview_as_user function to Concrete CMS - 12 upvotes, $0
  16. SSRF bypass to Concrete CMS - 12 upvotes, $0
  17. Local File Inclusion Vulnerability in Concrete5 version 5.7.3.1 to Concrete CMS - 11 upvotes, $0
  18. Bypass auth.email-domains to Concrete CMS - 10 upvotes, $0
  19. A bypass of adding remote files in concrete5 FIlemanager leads to remote code execution to Concrete CMS - 10 upvotes, $0
  20. HttpOnly flag not set for cookie on concrete5.org to Concrete CMS - 9 upvotes, $0
  21. CSRF Full Account Takeover to Concrete CMS - 9 upvotes, $0
  22. Stored XSS in Pages SEO dialog Name field (concrete5 8.1.0) to Concrete CMS - 9 upvotes, $0
  23. Stored XSS vulnerability in RSS Feeds Description field to Concrete CMS - 9 upvotes, $0
  24. Stored unauth XSS in calendar event via CSRF to Concrete CMS - 9 upvotes, $0
  25. Stored XSS in Private Messages 'Reply' allows to execute malicious JavaScript against any user while replying to the message which contains payload to Concrete CMS - 8 upvotes, $0
  26. Stored XSS in the file search filter to Concrete CMS - 8 upvotes, $0
  27. Stored XSS in Express Objects - Concrete5 v8.1.0 to Concrete CMS - 7 upvotes, $0
  28. Stored XSS in Name field in User Groups/Group Details form to Concrete CMS - 7 upvotes, $0
  29. Stored XSS vulnerability in additional URLs in 'Location' dialog [Sitemap] to Concrete CMS - 7 upvotes, $0
  30. Stored XSS on Add Event in Calendar to Concrete CMS - 7 upvotes, $0
  31. Stored XSS on Add Calendar to Concrete CMS - 7 upvotes, $0
  32. XSS in private message to Concrete CMS - 6 upvotes, $0
  33. Unauthenticated HTML Injection Stored - ContactUs form to Concrete CMS - 6 upvotes, $0
  34. Fetching the update json scheme from concrete5 over HTTP leads to remote code execution to Concrete CMS - 6 upvotes, $0
  35. SSRF mitigation bypass using DNS Rebind attack to Concrete CMS - 6 upvotes, $0
  36. FULL PATH DISCLOSUR to Concrete CMS - 5 upvotes, $0
  37. XSS on [/concrete/concrete/elements/dashboard/sitemap.php] to Concrete CMS - 5 upvotes, $0
  38. Stored XSS on express entries to Concrete CMS - 5 upvotes, $0
  39. XSS IN member List (Because of City Textbox) to Concrete CMS - 4 upvotes, $0
  40. Stored XSS in RSS Feeds Title (Concrete5 v8.1.0) to Concrete CMS - 4 upvotes, $0
  41. Phar Deserialization Vulnerability via Logging Settings to Concrete CMS - 4 upvotes, $0
  42. Stored XSS in Conversations (both client and admin) when Active Conversation Editor is set to "Rich Text" to Concrete CMS - 4 upvotes, $0
  43. SSRF - pivoting in the private LAN to Concrete CMS - 4 upvotes, $0
  44. /index.php/dashboard/sitemap/explore/ Cross-site scripting to Concrete CMS - 3 upvotes, $0
  45. stored XSS in concrete5 5.7.2.1 to Concrete CMS - 3 upvotes, $0
  46. SQL injection in conc/index.php/ccm/system/search/users/submit to Concrete CMS - 3 upvotes, $0
  47. Multiple Cross Site Request Forgery Vulnerabilities in Concrete5 version 5.7.3.1 to Concrete CMS - 3 upvotes, $0
  48. Multiple Stored Cross Site Scripting Vulnerabilities in Concrete5 version 5.7.3.1 to Concrete CMS - 3 upvotes, $0
  49. page_controls_menu_js can reveal collection version of page to Concrete CMS - 2 upvotes, $0
  50. https://concrete5.org ::: HeartBleed Attack (CVE-2014-0160) to Concrete CMS - 2 upvotes, $0
  51. dashboard/pages/types [Unknown column 'Array' in 'where clause'] disclosure. to Concrete CMS - 2 upvotes, $0
  52. CONCRETE5 - path disclosure. to Concrete CMS - 2 upvotes, $0
  53. broken authentication to Concrete CMS - 2 upvotes, $0
  54. Weak random number generator used in concrete/authentication/concrete/controller.php to Concrete CMS - 2 upvotes, $0
  55. Sendmail Remote Code Execution Vulnerability in Concrete5 version 5.7.3.1 to Concrete CMS - 2 upvotes, $0
  56. No CSRF protection when creating new community points actions, and related stored XSS to Concrete CMS - 2 upvotes, $0
  57. Stored XSS in adding fileset to Concrete CMS - 2 upvotes, $0
  58. Content Spoofing possible in concrete5.org to Concrete CMS - 2 upvotes, $0
  59. Unsafe usage of Host HTTP header in Concrete5 version 5.7.3.1 to Concrete CMS - 2 upvotes, $0
  60. Administrators can add other administrators to Concrete CMS - 2 upvotes, $0
  61. Cross-Site Scripting in getMarketplacePurchaseFrame to Concrete CMS - 1 upvotes, $0
  62. XSS in Theme Preview Tools File to Concrete CMS - 1 upvotes, $0
  63. Stored XSS in concrete5 5.7.0.4. to Concrete CMS - 1 upvotes, $0
  64. Multiple Reflected Cross Site Scripting Vulnerabilities in Concrete5 version 5.7.3.1 to Concrete CMS - 1 upvotes, $0
  65. SQL Injection Vulnerability in Concrete5 version 5.7.3.1 to Concrete CMS - 1 upvotes, $0
  66. Stored XSS on Title of Page List in edit page list to Concrete CMS - 1 upvotes, $0
  67. Stored XSS on Search Title to Concrete CMS - 1 upvotes, $0
  68. Stored XSS in Contact Form to Concrete CMS - 1 upvotes, $0
  69. Stored XSS in Title of the topic List to Concrete CMS - 1 upvotes, $0
  70. Stored XSS in title of date navigation to Concrete CMS - 1 upvotes, $0
  71. Stored XSS in Feature tile to Concrete CMS - 1 upvotes, $0
  72. Stored Xss in Feature Paragraph to Concrete CMS - 1 upvotes, $0
  73. Stored XSS in Testimonial name to Concrete CMS - 1 upvotes, $0
  74. Stored XSS in testimonial Company to Concrete CMS - 1 upvotes, $0
  75. Stored XSS in Testimonial Position to Concrete CMS - 1 upvotes, $0
  76. Stored XSS In Company URL to Concrete CMS - 1 upvotes, $0
  77. Stored XSS in Image Alt. Text to Concrete CMS - 1 upvotes, $0
  78. Stored XSS in Message to Display When No Pages Listed. to Concrete CMS - 1 upvotes, $0
  79. Stored XSS in Bio/Quote to Concrete CMS - 1 upvotes, $0
  80. Stored XSS on Blog's page Tile to Concrete CMS - 1 upvotes, $0
  81. Self Xss on File Replace to Concrete CMS - 1 upvotes, $0
  82. Multiple XSS Vulnerabilities in Concrete5 5.7.3.1 to Concrete CMS - 1 upvotes, $0
  83. No csrf protection on index.php/ccm/system/user/add_group, index.php/ccm/system/user/remove_group to Concrete CMS - 1 upvotes, $0
  84. ProBlog 2.6.6 CSRF Exploit to Concrete CMS - 1 upvotes, $0
  85. Full Page Caching Stored XSS Vulnerability to Concrete CMS - 1 upvotes, $0
  86. open redirect to a remote website which can phish users to Concrete CMS - 1 upvotes, $0
  87. Host Header Injection allow HiJack Password Reset Link to Concrete CMS - 0 upvotes, $0