PT-2022-27005 · Unknown · Concrete CMS

Adrian Tiron +1 · Published 2022-11-14 · Updated 2025-04-30 · CVE-2022-43689

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Concrete CMS (formerly concrete5) versions below 8.5.10
Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2

Description

The issue allows XXE-based DNS requests, which can lead to IP disclosure. An attacker can abuse XML External Entity (XXE) processing in Concrete CMS to trigger unauthorized DNS requests, potentially revealing the IP address of the system.

Recommendations

For versions below 8.5.10, update to version 8.5.10 or later.
For versions 9.0.0 through 9.1.2, update to version 9.1.3 or later.

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2022-43689
GHSA-Q48R-XG9H-78M8

Affected Products

Concrete CMS