concrete5/concrete5 is vulnerable to arbitrary code execution. An attacker is able to submit malicious data to the function Logging::update_logging() in controllers/single_page/dashboard/system/environment/logging.php via logFile request parameter, to execute arbitrary code via unsafe deserialization.
CPE | Name | Operator | Version |
---|---|---|---|
concrete5/concrete5 | le | 9.0.0 | |
concrete5/core | le | 9.0.0 | |
concrete5/concrete5 | le | 9.0.0 | |
concrete5/core | le | 9.0.0 |
packetstormsecurity.com/files/163564/Concrete5-8.5.5-Phar-Deserialization.html
seclists.org/fulldisclosure/2021/Jul/36
github.com/concrete5/concrete5-core/blob/b7b26971f2e2ca7ce9bcc13a0e514365c4ec6744/controllers/single_page/dashboard/system/environment/logging.php#L61
github.com/concrete5/concrete5/blob/f8d0205853932d6a619939dc333b0ad42787e1aa/concrete/controllers/single_page/dashboard/system/environment/logging.php#L61-L130
hackerone.com/reports/1063039
seclists.org/fulldisclosure/2021/Jul/36