3 matches found
CVE-2022-21829
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concretesecure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http...
CVE-2022-21829
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concretesecure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http...
CVE-2022-21829
CVE-2022-21829 affects Concrete CMS, specifically versions 9.0.0–9.0.2 and 8.5.7 and earlier. The issue allows an attacker to download zip files over HTTP and execute code from those zips, enabling remote code execution (RCE). The root cause is insecure HTTP requests for zip handling, which can b...