Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11476)

Description

Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.

Remediation

References

Related Vulnerabilities

WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)

Django Improper Authentication Vulnerability (CVE-2013-1443)

MySQL CVE-2018-3278 Vulnerability (CVE-2018-3278)

WordPress Plugin All in One Support Button+Callback Request. WhatsApp, Messenger, Telegram, LiveChat and more Cross-Site Scripting (1.8.7)

WordPress Plugin AnyComment Cross-Site Scripting (0.0.32)

Severity

High

Classification

CVE-2020-11476 CWE-434 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities