CVE-2021-40097

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
References
Link Resource
https://hackerone.com/reports/1102067 Permissions Required Third Party Advisory
https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes Release Notes Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*

Information

Published : 2021-09-27 05:15

Updated : 2021-10-01 13:37


NVD link : CVE-2021-40097

Mitre link : CVE-2021-40097


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

concretecms

  • concrete_cms