Full Disclosure

[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability

June 11, 2015 007admin Leave a comment

Posted by Egidio Romano on Jun 11

———————————————————–
Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
———————————————————–

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1, 5.7.4, and probably other versions.

[-] Vulnerability Description:

The vulnerable code is located in /concrete/src/Permission/Access/Access.php:

168. protected function…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information