ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".
concrete5/concrete5
{ "last_known_affected_version_range": "<= 9.1.3" }