A serious vulnerability means it is now time to update your Concrete5 website

There is a flaw in Concrete5 CMS prior to version 8.5.6 which means hackers can gain control of your website and any personal data held within it.

This vulnerability within Concrete5 which it can potentially be hacked.  The good news is that v8.5.6 of Concrete5 has been released to address this vulnerability and we recommend all clients update to it  asap.  

According to SecurityAffairs.co, the specific version targeted is v8.5.2

Unfortunately, not doing this update means that the site could be hacked which would take it over, add malicious code even take it down.  There could also be a leak of personal details or other data, so this is a very serious situation.  

The cleanup process can potentially then be difficult and expensive, because you would need to find all of the malicious code and any added files that the hackers place around the site.

Rest assured Concrete5 remains an excellent platform with a good level of security.  If websites are kept up to date, a Concrete5 website can last a very long time with only very minimal, occasional updates.

Therefore prevention is much better than cure in this case, so we recommend updating to 8.5.6+ as soon as possible.  We are working through our clients sites updating them.  If you need help updating your website please get in touch as soon as possible using the details below: