Описание
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.5.8 (исключая)Версия от 9.0.0 (включая) до 9.1.0 (исключая)
Одно из
cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00567
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-319
CWE-319
Связанные уязвимости
EPSS
Процентиль: 68%
0.00567
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-319
CWE-319