CVE-2022-50807: Concrete5 CMS contains an XPath injection vulnerability
Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information.
References
- github.com/advisories/GHSA-r7vr-wg3f-8hr9
- github.com/concretecms/concretecms
- github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3
- nvd.nist.gov/vuln/detail/CVE-2022-50807
- www.concretecms.org/
- www.concretecms.org/download
- www.exploit-db.com/exploits/51144
- www.vulncheck.com/advisories/concrete-cme-xpath-injection
Detect and mitigate CVE-2022-50807 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.