Описание
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.5.2 (включая)
cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00733
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
больше 3 лет назад
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
EPSS
Процентиль: 72%
0.00733
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-434