Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which loads the entire content of every selected file into PHP memory. An authenticated attacker can exploit this by requesting a bulk download of large files, triggering an Out-Of-Memory (OOM) condition that causes the PHP-FPM process to terminate (SIGSEGV) and the web server to return a 500 error.
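The pattern named in the description, next to a disk-backed alternative, as an added example in PHP (zip extension required). This is not ConcreteCMS code: the function names and the byte cap are hypothetical, and the selected files are assumed to be local paths.

```php
<?php
// Added illustration, not ConcreteCMS code. Hypothetical names; local file paths assumed.
function openZip(string $zipPath): ZipArchive
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== true) {
        throw new RuntimeException("cannot create $zipPath");
    }
    return $zip;
}

// Pattern from the description: every selected file becomes a PHP string first.
function buildZipInMemory(string $zipPath, array $paths): void
{
    $zip = openZip($zipPath);
    foreach ($paths as $path) {
        $zip->addFromString(basename($path), file_get_contents($path));
    }
    $zip->close();
}

// Hardened: cap the request size, then addFile() so libzip reads from disk at close().
function buildZipFromDisk(string $zipPath, array $paths, int $maxBytes): void
{
    $total = 0;
    foreach ($paths as $path) {
        $size = is_file($path) ? filesize($path) : false;
        if ($size === false || ($total += $size) > $maxBytes) {
            throw new LengthException("rejected bulk download at $path");
        }
    }
    $zip = openZip($zipPath);
    foreach ($paths as $path) {
        $zip->addFile($path, basename($path));
    }
    $zip->close();
}

// Constructed sample input: two sparse 8 MiB files in the temp directory.
$tmp = sys_get_temp_dir();
$paths = ["$tmp/zipdemo_a.bin", "$tmp/zipdemo_b.bin"];
foreach ($paths as $p) {
    $fh = fopen($p, 'wb');
    ftruncate($fh, 8 * 1024 * 1024);
    fclose($fh);
}
buildZipFromDisk("$tmp/zipdemo_safe.zip", $paths, 64 * 1024 * 1024);
printf("addFile peak:       %d bytes\n", memory_get_peak_usage());
buildZipInMemory("$tmp/zipdemo_unsafe.zip", $paths);
printf("addFromString peak: %d bytes\n", memory_get_peak_usage());
```

The two printed peaks show how much PHP-managed memory each approach needs for the same input; the up-front size check bounds the work a single bulk request can demand.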
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
concretecms resource management error vulnerability
Vulnerability Description
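concretecms is an open-source content management system from Concrete CMS. ConcreteCMS v9.4.7 contains a resource management error vulnerability, which stems from improper memory management when the File Manager component creates zip archives and may lead to memory exhaustion and denial of service.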
CVSS Information
N/A
Vulnerability Type
N/A