GHSA-q48r-xg9h-78m8, CVE-2022-43689
packagist/concrete5/concrete5
Improper Restriction of XML External Entity Reference
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure.
All versions before 8.5.10, all versions starting from 9.0.0 before 9.1.2
Upgrade to versions 8.5.10, 9.1.2 or above.
2022-11-22
source |