Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-09-04T19:29:19

Updated: 2024-08-04T15:26:09.370Z

Reserved: 2020-08-28T00:00:00

Link: CVE-2020-24986

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-09-04T20:15:11.183

Modified: 2021-11-01T14:41:18.137

Link: CVE-2020-24986

cve-icon Redhat

No data.