RCE Vulnerability in Concrete5 CMS Enabling Server Takeover


The open-source content management system Concrete5 has addressed a new remote code execution (RCE) vulnerability, according to a report by Edgescan. The flaw had earlier exposed several websites to attacks.

Websites built on Concrete5 CMS are used by various high-profile agencies around the world, including BASF, the US Army, GlobalSign, REC, and more. With the CMS, users can create and edit content directly from the page, with little or no advanced technical skill.

According to Edgescan, the flaw was found in version 8.5.2 of Concrete5. It could allow an attacker to insert a reverse shell into vulnerable web servers and modify site configuration, taking full control of them.

Source: Securityweek