A vulnerability was found in Concrete CMS up to 8.5.5 (Content Management System) and classified as critical. Affected by this issue is the function is_dir of the component Phar Deserialization. Upgrading to version 8.5.6 eliminates this vulnerability. The upgrade is hosted for download at documentation.concretecms.org.
Concrete CMS up to 8.5.5 Phar Deserialization is_dir deserialization
- Virtual Patching
- September 24, 2021
- 6:04 pm
- Virtual Patching
- September 24, 2021
- 6:04 pm
Common Vulnerabilityies and Exposures
Contact us to get started
CVE-2023-1501 : ROCKOA 2.3.2 ACLOUDCOSACTION.PHP.SQL RUNACTION FILEID UNRESTRICTED UPLOAD
Description A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the
CVE-2023-28116 : CONTIKI-NG UP TO 4.8/4.9 BLE L2CAP MODULE PACKETBUF_SIZE BUFFER OVERFLOW
Description Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an
CVE-2023-1256 : AVEVA PLANT SCADA/TELEMETRY SERVER IMPROPER AUTHORIZATION
Description The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which