Browse all 1 CVE security advisories affecting Concrete CMS. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Concrete CMS is an open-source content management system designed for building and managing websites, primarily targeting small to medium-sized enterprises and organizations requiring flexible content structures. Historically, its codebase has exhibited vulnerabilities typical of PHP-based applications, including remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls within legacy modules. Security audits have identified multiple critical entries, with twenty-seven CVEs currently on record, reflecting persistent challenges in maintaining secure coding practices across its extensive feature set. Notable incidents involve exploited authentication bypasses and file inclusion errors that allowed unauthorized access to sensitive data. While recent updates have addressed many of these weaknesses, the high volume of historical vulnerabilities underscores the necessity for rigorous code review and continuous security monitoring to mitigate risks associated with its widespread deployment in diverse web environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-1246 | Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature — Concrete CMS CWE-20 | 2.0 | Low | 2024-02-09 |
This page lists every published CVE security advisory associated with Concrete CMS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.