Описание
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks
Withdrawn
This advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD here for more information. This link is maintained to preserve external references.
Original Description
ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".
Пакеты
Наименование
concrete5/concrete5
composer
Затронутые версииВерсия исправления
<= 9.1.3
Отсутствует
Связанные уязвимости
nvd
около 3 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.