Insecure handling of dangerous files in Concrete5
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-24986 |
| CWE-ID | CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
concrete5 Web applications / CMS |
| Vendor | PortlandLabs |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Security restricitons bypass
EUVDB-ID: #VU46308
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24986
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary PHP code.
The vulnerability exists due to application allows Concrete5 administrators to allow uploading of .php files to the server via File Manager. Once PHP files are allowed, a remote unprivileged user can upload and execute arbitrary PHP file on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsconcrete5: 8.0 - 8.5.2
External linkshttp://hackerone.com/reports/768322
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
