CVE-2023-44763
- Reference to the description:
- Description:
- Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file types, even though pdf is one of the allowed file types in the default configuration.
- Last updated date:
- 08/02/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/13/2023
- Reference URL to background:
- https://github.com/sromanhu/ConcreteCMS-Arbitrary-file-upload-Thumbnail