CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs May 22, 2026

CVE-2026-8134 | Concrete CMS up to 9.5.0 File Upload ptComposerFormLayoutSetControlCustomTemplate filename control (EUVD-2026-31335)

VulDB Archived May 22, 2026 ! Full text unavailable

A vulnerability labeled as problematic has been found in Concrete CMS up to 9.5.0 . The affected element is an unknown function of the component File Upload Handler . Executing a manipulation of the argument ptComposerFormLayoutSetControlCustomTemplate can lead to improper control of filename for include/require statement in php program ('php remote file inclusion'). The identification of this vulnerability is CVE-2026-8134 . The attack may be launched remotely. There is no exploit available.

Full text unavailable — view original
✦ AI Summary · Claude Sonnet


    Full text unavailable.
    Open original ↗
    💬 Team Notes
    Article Info
    Source
    VulDB
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    May 22, 2026
    Archived
    May 22, 2026
    Full Text
    ✗ Not available
    Open Original ↗