CVE-2026-8134 | Concrete CMS up to 9.5.0 File Upload ptComposerFormLayoutSetControlCustomTemplate filename control

A vulnerability labeled as problematic has been found in Concrete CMS up to 9.5.0. The affected element is an unknown function of the component File Upload Handler. Executing a manipulation of the argument ptComposerFormLayoutSetControlCustomTemplate can lead to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

The identification of this vulnerability is CVE-2026-8134. The attack may be launched remotely. There is no exploit available.

CVE-2026-8134 | Concrete CMS up to 9.5.0 File Upload ptComposerFormLayoutSetControlCustomTemplate filename control

Post correlati

CVE-2024-39732 | IBM Datacap Navigator 9.1.5/9.1.6/9.1.7/9.1.8/9.1.9 sensitive information in memory (XFDB-295791)

CVE-2023-48342 | Unisoc S8000 Media Service out-of-bounds write

CVE-2024-8760 | Stackable Plugin up to 3.13.6 on WordPress CSS injection

CVE-2026-20050 | Cisco Secure Firewall Threat Defense Software up to 7.7.10.1 SSL Decryption Policy denial of service (cisco-sa-ftd-dnd-dos-bpEcg7B7)