PT-2026-2364 · Unknown · Concrete5 Cms

Nu11Secur1Ty

Published

2026-01-13

Updated

2026-01-15

CVE-2022-50807

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Concrete5 CMS version 9.1.3

Description Concrete5 CMS version 9.1.3 is subject to an XPath injection issue. Attackers can manipulate URL path parameters with malicious payloads. By sending crafted requests, attackers may be able to extract internal content paths and system information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-643

Related Identifiers

CVE-2022-50807

GHSA-R7VR-WG3F-8HR9

Affected Products

Concrete5 Cms

PT-2026-2364 · Unknown · Concrete5 Cms

CVE-2022-50807

Weakness Enumeration

Related Identifiers

Affected Products

References · 10