Description
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type, such as a .php file, via the File Manager. It is possible to modify the site configuration so that a PHP file can be uploaded and then used to execute arbitrary commands.
Remediation
References