Concrete CMS Login Panel Detected

low Web App Scanning Plugin ID 114292

Language:

Synopsis

Description

Concrete CMS Login Panel has been detected on the target web application.

This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality.

Solution

Restrict access to administrative functionality using a .htaccess file, limiting access to known IP Addresses.

Plugin Details

Severity: Low

ID: 114292

Type: remote

Family: Web Applications

Published: 6/5/2024

Updated: 6/5/2024

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*

Reference Information

CWE: 16

OWASP: 2010-A6, 2013-A5, 2017-A6, 2021-A5

WASC: Application Misconfiguration

OWASP API: 2019-API7, 2023-API8

Detections

Analytics

Concrete CMS Login Panel Detected

low Web App Scanning Plugin ID 114292

Synopsis

Description

Solution

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information