Published: 14 Jan 2026
Source: github
Github: Reviewed
CVSS4: 6.9
CVSS3: 9.8
Description
Concrete5 CMS contains an XPath injection vulnerability
Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-50807
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3
- https://www.concretecms.org
- https://www.concretecms.org/download
- https://www.exploit-db.com/exploits/51144
- https://www.vulncheck.com/advisories/concrete-cme-xpath-injection
Packages
Name: concrete5/concrete5 (composer)
Affected versions: = 9.1.3
Fixed version: None
Related vulnerabilities
nvd
24 days ago
Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.