Authenticated Path Traversal and Remote Code Execution via Uploaded PHP Code in Concrete CMS

CVE-2021-40097 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to remote code execution via uploaded PHP code, related to the bFilename parameter.
