concrete5/core is vulnerable to remote code execution. The vulnerability exists due to insecure HTTP requests, which allow an attacker to inject and execute arbitrary code on the system.
Name | Operator | Version |
---|---|---|
concrete5/core | le | 8.5.7 |
concrete5/core | le | 9.0.2 |
documentation.concretecms.org/developers/introduction/version-history/858-release-notes
documentation.concretecms.org/developers/introduction/version-history/910-release-notes
github.com/advisories/GHSA-6xc4-7fmm-65q2
github.com/concretecms/concretecms-core/commit/3360e39da7ea95e3196d966d25801f9346c4774e
github.com/concretecms/concretecms-core/commit/e35f5af37b0ce22133a875fb2f338bc7dc3115f7
hackerone.com/reports/1482520