PT-2021-22812 · Unknown · Concrete Cms

Published

2021-09-27

Updated

2021-10-01

CVE-2021-40103

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Concrete CMS versions through 8.5.5

Description An issue in Concrete CMS allows Path Traversal, which can lead to Arbitrary File Reading and Server-Side Request Forgery (SSRF).

Recommendations For versions through 8.5.5, update to a version later than 8.5.5 to resolve the issue.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2021-40103

Concrete Cms