concrete5/concrete5 allows unrestricted file uploads. An attacker is able to upload a malicious PHP file with a file extension such as .phar
, which would cause the server to execute PHP codes within the file under the context of the server.
CPE | Name | Operator | Version |
---|---|---|---|
concrete5/concrete5 | le | 8.5.2 | |
concrete5/concrete5 | le | 8.5.2 |