High severityNVD Advisory· Published Jul 28, 2020· Updated Aug 4, 2024
CVE-2020-11476
CVE-2020-11476
Description
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
concrete5/concrete5Packagist | < 8.5.3 | 8.5.3 |
Affected products
2- Concrete5/Concrete5description
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-hf9p-9r39-r2h3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-11476ghsaADVISORY
- github.com/concrete5/concrete5/pull/8713ghsax_refsource_CONFIRMWEB
- github.com/concrete5/concrete5/releases/tag/8.5.3ghsax_refsource_CONFIRMWEB
- github.com/concretecms/concretecms/commit/d296f4ba4f6ad94b199c21c1b16f0d185adab343ghsaWEB
- herolab.usd.de/security-advisories/mitrex_refsource_MISC
- herolab.usd.de/security-advisories/usd-2020-0041ghsaWEB
- herolab.usd.de/security-advisories/usd-2020-0041/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.