Path traversal

2021-09-2712:15:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.1%

JSON

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.

CPENameOperatorVersion
concrete_cmsle8.5.5

CPE	Name	Operator	Version
	concrete_cms	le	8.5.5

References

documentation.concretecms.org/developers/introduction/version-history/856-release-notes

hackerone.com/reports/1102067