Description
Concrete5 versions up to and including 8.5.2 allow unrestricted upload of files with dangerous types, such as .php files, via the File Manager. The site configuration can be modified so that a PHP file can be uploaded and then used to execute arbitrary commands.
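A defensive check for the configuration change described above, as an added example that is not part of the original advisory or of Concrete5's own code: it compares a known-good upload allowlist with the current one and flags newly added patterns that would admit PHP-executable files. The `;`-separated glob format, the extension list and the sample values are assumptions.

```python
import fnmatch

# Extensions commonly routed to the PHP interpreter (constructed list; extend
# it to match the handlers configured on your web server).
EXECUTABLE_EXTS = ("php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar")


def parse_allowlist(raw):
    """Split an assumed ';'-separated glob allowlist into normalised patterns."""
    return [p.strip().lower() for p in raw.split(";") if p.strip()]


def risky_patterns(raw):
    """Map each allowlist pattern to the executable extensions it would admit."""
    findings = {}
    for pattern in parse_allowlist(raw):
        # Probe with one filename per executable extension; wildcards such as
        # '*.ph*' or '*.*' are caught because the glob is actually evaluated.
        admitted = [
            ext for ext in EXECUTABLE_EXTS
            if fnmatch.fnmatchcase("upload." + ext, pattern)
        ]
        if admitted:
            findings[pattern] = admitted
    return findings


def audit_change(baseline, current):
    """Report patterns added since the baseline, flagging the risky ones."""
    added = sorted(set(parse_allowlist(current)) - set(parse_allowlist(baseline)))
    return {"added": added, "risky": risky_patterns(";".join(added))}


# Constructed sample values, not taken from any real site.
BASELINE = "*.jpg;*.gif;*.png;*.pdf;*.docx"
CURRENT = "*.jpg;*.gif;*.png;*.pdf;*.docx;*.PHP;*.ph*;*.txt"

if __name__ == "__main__":
    report = audit_change(BASELINE, CURRENT)
    print("added patterns:", report["added"])
    for pattern, exts in report["risky"].items():
        print(f"RISK: {pattern} admits {', '.join(exts)}")
```

Run it against an exported copy of the allowlist on a schedule, or whenever the site configuration changes, and alert on any non-empty `risky` result.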
Remediation
References