concrete5/concrete5 is vulnerable to remote code execution. An attacker is able to inject and execute malicious code via the external file upload feature because the library stages files in the public directory even when they have disallowed file extensions.
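
An added example, not concrete5's own code, of the ordering that avoids this class of bug: the extension is checked against an allowlist before any byte is written, staging uses a directory outside the web root, and the public filename is generated rather than taken from the remote side. The function names, the allowlist and the directories are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist; a real deployment reads this from its own configuration.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/** Return the lowercased final extension if it is on the allowlist, else null. */
function allowedExtension(string $name): ?string
{
    $base = basename(str_replace('\\', '/', $name));
    // Reject empty names, dotfiles, NUL bytes and trailing dots or spaces.
    if ($base === '' || $base[0] === '.' || strpos($base, "\0") !== false
        || rtrim($base, '. ') !== $base) {
        return null;
    }
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true) ? $ext : null;
}

/**
 * Store an already-fetched body. Validation runs first, so a disallowed file
 * never touches disk; allowed files are staged privately, then moved.
 */
function storeImportedFile(string $body, string $remoteName, string $stagingDir, string $publicDir): ?string
{
    $ext = allowedExtension($remoteName);
    if ($ext === null) {
        return null; // rejected before any write
    }
    $staged = tempnam($stagingDir, 'imp'); // private directory, not web-served
    if ($staged === false) {
        return null;
    }
    // Generated name: the remote name (e.g. a double extension) is never reused.
    $final = $publicDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (file_put_contents($staged, $body) === false || !rename($staged, $final)) {
        @unlink($staged);
        return null;
    }
    return $final;
}

// Constructed demo: two throwaway directories stand in for private staging and the web root.
$staging = sys_get_temp_dir() . '/staging_' . bin2hex(random_bytes(4));
$public  = sys_get_temp_dir() . '/public_' . bin2hex(random_bytes(4));
mkdir($staging, 0700);
mkdir($public, 0755);
var_dump(storeImportedFile('<?php /* constructed */', 'avatar.php', $staging, $public)); // disallowed extension
var_dump(storeImportedFile('plain text', 'notes.txt', $staging, $public));               // allowed extension
var_dump(scandir($public)); // lists what actually reached the public directory
```
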
Name | Operator | Version |
---|---|---|
concrete5/concrete5 | le | 9.0.0RC4 |
concrete5/core | le | 9.0.0RC4 |