Unrated severityNVD Advisory· Published Sep 27, 2021· Updated Aug 4, 2024
CVE-2021-40097
CVE-2021-40097
Description
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Concrete CMS/Concrete CMSdescription
Patches
Vulnerability mechanics
References
2- documentation.concretecms.org/developers/introduction/version-history/856-release-notesmitrex_refsource_MISC
- hackerone.com/reports/1102067mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.