CVE-2022-50807

Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

14 Jan 2026, 19:16

Type Values Removed Values Added
Summary (en) Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information. (en) Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
References
  • {'url': 'https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3', 'source': 'disclosure@vulncheck.com'}
  • {'url': 'https://www.concretecms.org/', 'source': 'disclosure@vulncheck.com'}
  • {'url': 'https://www.concretecms.org/download', 'source': 'disclosure@vulncheck.com'}
  • {'url': 'https://www.exploit-db.com/exploits/51144', 'source': 'disclosure@vulncheck.com'}
  • {'url': 'https://www.vulncheck.com/advisories/concrete-cme-xpath-injection', 'source': 'disclosure@vulncheck.com'}
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : unknown
CWE CWE-643

13 Jan 2026, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-13 23:15

Updated : 2026-01-14 19:16


NVD link : CVE-2022-50807

Mitre link : CVE-2022-50807

CVE.ORG link : CVE-2022-50807


JSON object : View

Products Affected

No product.

CWE

No CWE.