Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv3

CVE-2021-22968

Published: 19/11/2021 Updated: 30/06/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Concrete Cms

Vulnerability Summary

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration.To fix this, a check for allowed file extensions was added before downloading files to a tmp directory.Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:NThis fix is also in Concrete version 9.0.0

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

concretecms concrete cms

Github Repositories

https://github.com/FORTBRIDGE-UK/concrete-cms

concrete-cms Concrete5-CMS RCE (CVE-2021-22968) Affected versions 856 and 900 Full write-up at: wwwfortbridgecouk/research/multiple-vulnerabilities-in-concrete-cms-part1-rce/ Steps to reproduce upload testphp somewhere accessible for the vulnerable server you need a valid upload request in requesttxt you need to start scriptpy as a Turbo Intruder script - thi

References

CWE-330CWE-434https://hackerone.com/reports/1350444https://documentation.concretecms.org/developers/introduction/version-history/857-release-noteshttps://nvd.nist.govhttps://github.com/FORTBRIDGE-UK/concrete-cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook