Application Security London - Vulnerability Research


Multiple Concrete CMS vulnerabilities ( part1 – RCE )

Concrete CMS is designed for ease of use, for users with a minimum of technical skills. It enables users to edit site content directly from the page. It provides  version management for every page, similar to wiki software, another type of web site development software. Concrete5 allows users to edit images through an embedded editor on the page. As of 2021, there are over 62,000 live websites that use Concrete CMS under the hood. During a recent pentest, our team found a very interesting vulnerability. Discovery of the vulnerability was relatively simple (a race condition), however creating a POC was quite challenging, hence the reason for this post. You will need a low privileged user to exploit this vulnerability and gain RCE in Concrete CMS.