Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://hackerone.com/reports/768322 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-04T19:29:19
Updated: 2024-08-04T15:26:09.370Z
Reserved: 2020-08-28T00:00:00
Link: CVE-2020-24986
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-09-04T20:15:11.183
Modified: 2021-11-01T14:41:18.137
Link: CVE-2020-24986
Redhat
No data.