Authenticated Path Traversal and Remote Code Execution via Uploaded PHP Code in Concrete CMS
CVE-2021-40097 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
Learn more about our Cms Pen Testing.