CVE-2020-24986: Malicious File Upload
First published: Fri Sep 04 2020(Updated: )
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Concretecms Concrete Cms | <=8.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-24986?
CVE-2020-24986 is a vulnerability in Concrete5 up to and including version 8.5.2 that allows for the unrestricted upload of files with dangerous types, such as .php files, via the File Manager.
How severe is CVE-2020-24986?
CVE-2020-24986 has a severity level of 7.2, which is considered critical.
How does CVE-2020-24986 affect Concrete5?
CVE-2020-24986 affects Concrete5 versions up to and including 8.5.2, allowing for the upload of files with dangerous types and the potential execution of arbitrary commands.
What is the Common Weakness Enumeration (CWE) for CVE-2020-24986?
CVE-2020-24986 is associated with CWE-434, which is the Unrestricted Upload of File with Dangerous Type vulnerability.
Is there a reference for CVE-2020-24986?
Yes, you can find more information about CVE-2020-24986 at the following link: https://hackerone.com/reports/768322
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/concretecms
- canonical/concretecms concrete cms
- version/concretecms concrete cms/8.5.2