CVE-2021-40099

CVE-2021-40099

EPSS 2.0%

An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/982130