We recommend that you investigate whether your hosting environment is vulnerable to PWNKIT CVE CVE-2021-4034, a major Linux vulnerability so hot off the presses that the CVE is still in “reserved” status. This vulnerability allows basic users to gain root access. If your environment is vulnerable, either update your Linux OS or, if no patches are available for your operating system, remove the SUID-bit from pkexec as a temporary mitigation. For example, this root-powered shell command will stop attacks:
Fixing this vulnerability is especially important for shared hosting accounts. It is also important to make sure that your webservers are not set to execute any files uploaded to your storage location as described in Concrete CMS Configuration Best Practices as an added precaution to protect against this exploit.