CVE-2021-40097
Concrete CMS up to version 8.5.5 is affected by an authenticated path traversal leading to remote code execution via uploaded PHP code, related to the bFilename parameter. Several sources (NVD/OSV/OpenVAS CNVD) corroborate that concrete/cms 8.5.x prior to 8.5.6 are vulnerable due to a path traver...