HomePentest-Tools.com Logo

Concrete5 < 8.5.3 Multiple Vulnerabilities CVE-2020-14961CVE-2020-11476CVE-2020-24986

Severity
CVSSv3 Score
7.2
Vulnerability description

Concrete5 is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist: - The sort direction is not constrained to a valid asc or desc value (CVE-2020-14961) - Unrestricted upload of files with dangerous types such as a .phar files (CVE-2020-11476) - Unrestricted Upload of files with dangerous types such as a .php files via File Manager (CVE-2020-24986)

Recommendation

Update to version 8.5.3 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jul 28, 2020
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available