Application: Concrete 5
Versions Affected: < 5.4
Exploit: Multiple SQL Injections and XSS
Threat Level: Potentially high
Fix: Update not available
Credit: Ryan Dewhurst
External Website: http://www.concrete5.org
What does it mean, do I have to do anything, if so what?
Multiple SQL injection and cross-site scripting vulnerabilities have been discovered. Only a few have been disclosed. Concrete were informed during September but have not issued updates yet. Keep checking the website for updates and apply them as soon as they are released.
What happens if I leave it?
A malicious user can only insert data. There is therefore a possibility of the MySQL partition becoming full, which would in turn crash MySQL and possibly the server.