Primary

Context

Concrete CMS Path Traversal Vulnerability Leading to Authenticated Remote Code Execution

Vulnerability

Patched

A vulnerability in Concrete CMS versions through 9.5.0 allows for path traversal attacks via the ptComposerFormLayoutSetControlCustomTemplate field. This issue arises when saving page type composer form layouts, as the application fails to properly sanitize traversal sequences. An authenticated rogue administrator with rights to edit composer forms can exploit this flaw to include arbitrary readable files from the server. Furthermore, this vulnerability can be combined with the file uploader's extension-only validation, which mistakenly allows PHP code to be executed in files saved with image extensions like .png. This could result in authenticated remote code execution.

Impact

Exploitation of this vulnerability could lead to authenticated remote code execution on the server.

Remediation

Users can upgrade to Concrete CMS version 9.5.1 or later to address this vulnerability.

Added: May 21, 2026, 9:31 PM

Updated: May 21, 2026, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

7.5

exploitability

4.4

remediation

7.7

relevance

9.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

7.5

exploitability

4.4

remediation

7.7

relevance

9.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Concrete CMS Path Traversal Vulnerability Leading to Authenticated Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Concrete CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating