CVE-2021-22968
A bypass of adding remote files in Concrete CMS previously concrete5 File Manager leads to remote code execution in Concrete CMS concrete5 versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored i...