GHSA-7vx2-5349-qj99

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-7vx2-5349-qj99/GHSA-7vx2-5349-qj99.json
Aliases
  • CVE-2022-46464
Published
2022-12-06T00:30:16Z
Modified
2023-03-18T05:49:08.404578Z
Details

ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".

References

Affected packages

Packagist / concrete5/concrete5

concrete5/concrete5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0

Affected versions

8.*

8.0
8.0.1
8.0.2
8.0.3
8.1.0
8.2.0
8.2.0RC2
8.2.1
8.3.0
8.3.1
8.3.2
8.4.0
8.4.0RC3
8.4.0RC4
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0
8.5.0RC1
8.5.0RC2
8.5.1
8.5.10
8.5.11
8.5.12
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6
8.5.6RC1
8.5.7
8.5.8
8.5.9

9.*

9.0.0
9.0.0RC1
9.0.0RC3
9.0.0RC4
9.0.1
9.0.2
9.1.0
9.1.1
9.1.2
9.1.3

Database specific

{
    "last_known_affected_version_range": "<= 9.1.3"
}