An issue exists in Concrete CMS up to and including 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
concretecms concrete cms |