This issue does not affect versions of Concrete CMS below 8.5.10 or above 8.5.10 if the Microsoft application tile color is sanitized. This issue was resolved in Concrete CMS 9.1.3.

Concrete CMS versions 9.0.0 to 9.0.7, 8.5.0 to 8.5.9, and 7.0.0 to 7.0.7 are vulnerable to Open Redirect (OR) since the Concrete CMS login page does not validate user input. This issue did not affect Concrete CMS 7.0.0 to 7.0.6, 6.1.0 to 6.1.5, and 6.0.0 to 6.0.4. This issue was resolved in Concrete CMS 8.5.10.

Concrete CMS versions 7.0.0 to 7.0.6, 6.1.0 to 6.1.5, and 6.0.0 to 6.0.4 are vulnerable to SQL Injection (SQLi) due to users having permission to create content types of the “Event” type. This issue did not affect Concrete CMS 6.1.0 to 6.1.4, 6.0.0 to 6.0.3, and 5.1.1 to 5.1.2. This issue was resolved in Concrete CMS 8.5.10.

Concrete CMS versions 6

Overview

The following are some of the most common reasons your company might need to work with a digital marketing agency.
- Not enough time and expertise within your in-house team
- Wanting to reach an audience that is not currently being reached by your website
- Seeking help with optimizing and engaging users on your website

SQL Injection (SQLi)

Because the Concrete CMS login page does not validate user input, it is possible to inject SQL queries that could allow users to gain access to data without the proper permissions. This issue does not affect versions of Concrete CMS below 8.5.10 or above 8.5.10 if the Microsoft application tile color is sanitized. This issue was resolved in Concrete CMS 8.5.10.

Timeline

Published on: 11/14/2022 23:15:00 UTC
Last modified on: 11/17/2022 04:58:00 UTC
