2 matches found
Concrete CMS < 8.5.7 Multiple Vulnerabilities
Concrete CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:concretecms:concretecms"; if...
CVE-2021-22968
Summary of CVE-2021-22968 (Concrete CMS / concrete5): A bypass in the File Manager’s external file upload allows remote code execution in Concrete CMS versions 8.5.6 and earlier. The feature stages uploaded files in the public directory even when their extensions are disallowed, storing them in a...