Insecure handling of dangerous files in Concrete5



Published: 2020-09-07
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2020-24986
CWE ID CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
concrete5
Web applications / CMS

Vendor PortlandLabs

Security Advisory

This security advisory describes one low risk vulnerability.

1) Security restricitons bypass

Risk: Low

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-24986

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary PHP code.

The vulnerability exists due to application allows Concrete5 administrators to allow uploading of .php files to the server via File Manager. Once PHP files are allowed, a remote unprivileged user can upload and execute arbitrary PHP file on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

concrete5: 8.0, 8.0.1, 8.0.2, 8.0.3, 8.1.0, 8.2.0, 8.2.1, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.4.1, 8.4.2, 8.4.4, 8.4.5, 8.5.0, 8.5.1, 8.5.2

CPE External links

https://hackerone.com/reports/768322

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



ImmuniWeb® AI Platform for Application Security Testing