CVE-2021-40097

CVE-2021-40097

EPSS 2.4%

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes https://hackerone.com/reports/1102067