PT-2026-2364 · Unknown · Concrete5 Cms

Nu11Secur1Ty

Publicado

2026-01-13

Atualizado

2026-01-15

CVE-2022-50807

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Concrete5 CMS version 9.1.3

Description Concrete5 CMS version 9.1.3 is subject to an XPath injection issue. Attackers can manipulate URL path parameters with malicious payloads. By sending crafted requests, attackers may be able to extract internal content paths and system information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-643

Identificadores relacionados

CVE-2022-50807

GHSA-R7VR-WG3F-8HR9

Produtos afetados

Concrete5 Cms

PT-2026-2364 · Unknown · Concrete5 Cms

CVE-2022-50807

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10