This advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD here for more information. This link is maintained to preserve external references.
ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".
{ "github_reviewed_at": "2022-12-06T15:35:16Z", "cwe_ids": [ "CWE-91" ], "nvd_published_at": "2022-12-05T23:15:00Z", "severity": "HIGH", "github_reviewed": true }