Описание
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
Ссылки
- Release NotesVendor Advisory
- Permissions RequiredThird Party Advisory
- Release NotesVendor Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.5.5 (включая)
cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.04123
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
EPSS
Процентиль: 88%
0.04123
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-22