CVE-2021-40097

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
References
Link Resource
https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes Release Notes Vendor Advisory
https://hackerone.com/reports/1102067 Permissions Required Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-09-27 12:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-40097

Mitre link : CVE-2021-40097

CVE.ORG link : CVE-2021-40097


JSON object : View

Products Affected

concretecms

  • concrete_cms
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')