concrete5/concrete5 is vulnerable to path traversal. The vulnerability exists because the getFileToImport
function of file.php
does not properly disable the chunk when uploading the files, allowing an attacker to access files outside the expected directory and delete the arbitrary files.
CPE | Name | Operator | Version |
---|---|---|---|
concrete5/concrete5 | le | 9.0.2 | |
concrete5/concrete5 | le | 8.5.8 | |
concrete5/concrete5 | le | 9.0.2 | |
concrete5/concrete5 | le | 8.5.8 |
documentation.concretecms.org/developers/introduction/version-history/858-release-notes
documentation.concretecms.org/developers/introduction/version-history/910-release-notes
github.com/advisories/GHSA-3jxh-6635-6jwp
github.com/concretecms/concretecms/commit/4fcd03c19bd146722579309117d1ba73f269f6f2
github.com/concretecms/concretecms/commit/903e5b42cc5c69de66dcff059b5879c8dc709dc8
github.com/concretecms/concretecms/issues/10559
github.com/concretecms/concretecms/pull/10344
hackerone.com/reports/1482280