CVE-2022-50807 - Vulnerability Details

This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Portlandlabs Subscribe	Concrete Cms Subscribe

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Portlandlabs Subscribe	Concrete Cms Subscribe

Advisories

Source	ID	Title
Github GHSA	GHSA-r7vr-wg3f-8hr9	Concrete5 CMS contains an XPath injection vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Wed, 14 Jan 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-643
References	https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3 https://www.concretecms.org/ https://www.concretecms.org/download https://www.exploit-db.com/exploits/51144 https://www.vulncheck.com/advisories/concrete-cme-xpath-injection
Metrics	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 14 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Description	Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information.	This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
Title	Concrete5 CME 9.1.3 - Xpath injection
Metrics	cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}`	cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 14 Jan 2026 11:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Portlandlabs Portlandlabs concrete Cms
Vendors & Products		Portlandlabs Portlandlabs concrete Cms

Tue, 13 Jan 2026 23:00:00 +0000

Type	Values Removed	Values Added
Description		Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability that allows attackers to manipulate URL path parameters with malicious payloads. Attackers can flood the system with crafted requests to potentially extract internal content paths and system information.
Title		Concrete5 CME 9.1.3 - Xpath injection
Weaknesses		CWE-643
References		https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3 https://www.concretecms.org/ https://www.concretecms.org/download https://www.exploit-db.com/exploits/51144 https://www.vulncheck.com/advisories/concrete-cme-xpath-injection
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: REJECTED

Assigner: VulnCheck

Published: 2026-01-13T22:51:40.976Z

Updated: 2026-01-14T18:51:30.411Z

Reserved: 2025-12-27T13:53:29.756Z

Link: CVE-2022-50807

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2026-01-13T23:15:50.003

Modified: 2026-01-14T19:16:15.773

Link: CVE-2022-50807

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-01-14T11:07:47Z

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object