CVE-2021-40097

CVE-2021-40097

EPSS 2.4%

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/1102067