Lucene search
PRIOn knowledge basePRION:CVE-2022-30117HistoryJun 24, 2022 - 3:15 p.m.
Design/Logic Flaw
2022-06-2415:15:00
PRIOn knowledge base
www.prio-n.com
4
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesnβt allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesnβt match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting.
| CPE | Name | Operator | Version |
|---|---|---|---|
| concrete_cms | ge | 9.0.0 | |
| concrete_cms | lt | 9.1.0 | |
| concrete_cms | lt | 8.5.8 |
Related
cnvd
cnvd
PortlandLabs Concrete CMS Arbitrary File Deletion Vulnerability
2022-06-28 00:00:00
nvd
nvd
CVE-2022-30117
2022-06-24 15:15:10
osv
osv
Path traversal in Concrete CMS
2022-06-25 00:00:54
github
github
Path traversal in Concrete CMS
2022-06-25 00:00:54
cve
cve
CVE-2022-30117
2022-06-24 15:15:10
veracode
veracode
Path Traversal
2022-06-27 04:42:26
cvelist
cvelist
CVE-2022-30117
2022-06-24 14:59:59