PT-2022-27002 · Unknown · Concrete Cms
Adrian Tiron +1 · Published 2022-11-14 · Updated 2025-04-30 · CVE-2022-43686
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2
Concrete CMS (formerly concrete5) versions prior to 8.5.10
Description
The issue allows the authTypeConcreteCookieMap table to be filled up, causing a denial of service due to high load.
Recommendations
For versions prior to 8.5.10, update to version 8.5.10 or later.
For versions 9.0.0 through 9.1.2, update to a version later than 9.1.2.
Fix
DoS
Allocation of Resources Without Limits
Affected Products
Concrete Cms