A remote code execution (RCE) vulnerability affecting the Concrete5 CMS exposed numerous servers to full takeover, experts warn. The vulnerability was discovered by researchers from Edgescan, it could be exploited by an attacker to inject a reverse shellcode into vulnerable web servers allowing him to take full control of them. Experts pointed out that the flaw could have been exploited to add PHP extension in the list of allowed extensions and then upload the file to execute arbitrary commands. A step by step procedure to reproduce to exploit the flaw was published on HackerOne.”]
Source: https://securityaffairs.co/wordpress/107294/security/concrete5-cms-rce.html