CVE-2022-43689

Improper Restriction of XML External Entity Reference in packagist/concrete5/concrete5

Identifiers

GHSA-q48r-xg9h-78m8, CVE-2022-43689

Package Slug

packagist/concrete5/concrete5

Vulnerability

Improper Restriction of XML External Entity Reference

Description

Concrete CMS (formerly concrete5) versions below 8.5.10 and between 9.0.0 and 9.1.2 are vulnerable to XXE-based DNS requests leading to IP disclosure.

Affected Versions

All versions before 8.5.10, all versions starting from 9.0.0 before 9.1.2

Solution

Upgrade to versions 8.5.10, 9.1.2 or above.

Last Modified

2022-11-22
