CVE-2021-40098

Name of the Vulnerable Software and Affected Versions Concrete CMS versions through 8.5.5

Description An issue was discovered in Concrete CMS, allowing Path Traversal leading to Remote Code Execution (RCE) via an external form by adding a regular expression.

Recommendations For versions through 8.5.5, consider restricting access to external forms to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using external forms that allow regular expressions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.