GHSA-7vx2-5349-qj99
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7vx2-5349-qj99
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-7vx2-5349-qj99/GHSA-7vx2-5349-qj99.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7vx2-5349-qj99
- Withdrawn
- 2023-06-06T18:32:24Z
- Published
- 2022-12-06T00:30:16Z
- Modified
- 2024-02-16T08:20:22.023173Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks
- Details
-
Withdrawn
This advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD here for more information. This link is maintained to preserve external references.
Original Description
ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection attacks. This vulnerability allows attackers to access sensitive XML data via a crafted payload injected into the URL path folder "3".
- Database specific
{ "github_reviewed_at": "2022-12-06T15:35:16Z", "cwe_ids": [ "CWE-91" ], "nvd_published_at": "2022-12-05T23:15:00Z", "severity": "HIGH", "github_reviewed": true }- References
Affected packages
Packagist / concrete5/concrete5
Package
- Name
- concrete5/concrete5
- Purl
- pkg:composer/concrete5/concrete5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected9.1.3
Affected versions
8.*
8.0
8.0.1
8.0.2
8.0.3
8.1.0
8.2.0RC2
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.4.0RC3
8.4.0RC4
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0RC1
8.5.0RC2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6RC1
8.5.6
8.5.7
8.5.8
8.5.9
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.99
9.*
9.0.0RC1
9.0.0RC3
9.0.0RC4
9.0.0
9.0.1
9.0.2
9.1.0
9.1.1
9.1.2
9.1.3