CVE-2022-50807 - Vulnerability Details

This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Portlandlabs	Concrete Cms

No data.

References

No reference.

History

Wed, 14 Jan 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-643
References	https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3 https://www.concretecms.org/ https://www.concretecms.org/download https://www.exploit-db.com/exploits/51144 https://www.vulncheck.com/advisories/concrete-cme-xpath-injection
Metrics	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 14 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Description	Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information.	This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
Title	Concrete5 CME 9.1.3 - Xpath injection
Metrics	cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}`	cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 14 Jan 2026 11:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Portlandlabs Portlandlabs concrete Cms
Vendors & Products		Portlandlabs Portlandlabs concrete Cms

Tue, 13 Jan 2026 23:00:00 +0000

Type	Values Removed	Values Added
Description		Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information.
Title		Concrete5 CME 9.1.3 - Xpath injection
Weaknesses		CWE-643
References		https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3 https://www.concretecms.org/ https://www.concretecms.org/download https://www.exploit-db.com/exploits/51144 https://www.vulncheck.com/advisories/concrete-cme-xpath-injection
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}`