Multiple vulnerabilities in Concrete CMS – part2 (PrivEsc/SSRF/etc)

Intro We have previously wrote about Concrete CMS here. In that post we described how we managed to exploit a double race condition vulnerability in the file upload functionality in order to obtain remote command execution. In this blog post we will present multiple vulnerabilities in Concrete CMS that we have found at the end

Joomla password reset vulnerability and a stored XSS for full compromise

Intro Joomla is one of the most popular CMS-es with over 1.5 million installations world-wide. We pentested Joomla 3.9.24 and found a password reset vulnerability which we chained with a set of vulnerabilities and features to achieve full compromise of the underlying server. Joomla has a strong OOP architecture and a large codebase. Strong input validation