Posted by Egidio Romano on Jun 11

———————————————————–
Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
———————————————————–

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1, 5.7.4, and probably other versions.

[-] Vulnerability Description:

The vulnerable code is located in /concrete/src/Permission/Access/Access.php:

168. protected function…