GHSA-7vx2-5349-qj99

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-7vx2-5349-qj99/GHSA-7vx2-5349-qj99.json

Aliases

CVE-2022-46464

Published

2022-12-06T00:30:16Z

Modified

2023-03-18T05:49:08.404578Z

Details

ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".

References

https://nvd.nist.gov/vuln/detail/CVE-2022-46464
https://github.com/concretecms/concretecms
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3

Affected packages

Packagist / concrete5/concrete5

concrete5/concrete5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Affected versions

8.*

8.0

8.0.1

8.0.2

8.0.3

8.1.0

8.2.0

8.2.0RC2

8.2.1

8.3.0

8.3.1

8.3.2

8.4.0

8.4.0RC3

8.4.0RC4

8.4.1

8.4.2

8.4.3

8.4.4

8.4.5

8.5.0

8.5.0RC1

8.5.0RC2

8.5.1

8.5.10

8.5.11

8.5.12

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

8.5.6RC1

8.5.7

8.5.8

8.5.9

9.*

9.0.0

9.0.0RC1

9.0.0RC3

9.0.0RC4

9.0.1

9.0.2

9.1.0

9.1.1

9.1.2

9.1.3

Database specific

{
    "last_known_affected_version_range": "<= 9.1.3"
}