A moderate-severity vulnerability was found in the Composer package concrete5/core.

Unauthorized individuals could view password-protected files using view_inline in Concrete CMS (previously concrete5) prior to version 8.5.7. Concrete CMS now checks in view_inline whether a file has a password and, if it does, the file is not rendered.

For version 8.5.6, the following mitigations were put in place:
a. restricting file types for view_inline to images only
b. putting a warning in the file manager to advise users
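To check whether a deployment is affected, the following added example (not part of the advisory or of Concrete CMS) reads a composer.lock and maps the installed concrete5/core version to the three states described above. The function names and the sample lock file are constructed for illustration.

```python
import json
import re

PACKAGE = "concrete5/core"  # package named in the advisory
MITIGATED = (8, 5, 6)       # view_inline limited to images, warning in file manager
FIXED = (8, 5, 7)           # view_inline refuses password-protected files


def parse_version(text):
    """Return (major, minor, patch) for a plain release tag, else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Map an installed version to the states the advisory describes."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # dev branches or unusual tags: review by hand
    if version >= FIXED:
        return "fixed"
    if version == MITIGATED:
        return "mitigated"
    return "vulnerable"


def check_lock(lock_text):
    """Return (version, state) for concrete5/core in a composer.lock, or None."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name", "").lower() == PACKAGE:
            version = pkg.get("version", "")
            return version, classify(version)
    return None  # package not installed in this project


# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "concrete5/core", "version": "8.5.6"},
        {"name": "example/other", "version": "1.0.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A "mitigated" result means only the 8.5.6 restrictions are in place; the password check in view_inline arrives with 8.5.7.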

References


Courtesy: https://github.com/advisories/GHSA-rhf5-f553-xg82

By admin
