Description Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. Remediation References CVE-2020-11476 Related Vulnerabilities WordPress Plugin Sell Downloads Cross-Site Scripting (1.0.86) Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-11812) WordPress Plugin Flip Slideshow Cross-Site Scripting (2.2) WordPress Plugin Users Ultra Membership Arbitrary File Upload (1.5.58) Apache read beyond bounds in mod_isapi Vulnerability (CVE-2022-28330) Severity High Classification CVE-2020-11476 CWE-434 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities