CVE-2022-50807
XPath Injection in Concrete5 CMS 9.1.3 Enables Data Exposure
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| concrete5 | cms | 9.1.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-643 | The product uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50807 is an XPath injection vulnerability in Concrete5 CMS version 9.1.3. It allows attackers to inject malicious XPath payloads into URL path parameters, specifically the URL path segment labeled `3`. Because this input is not sanitized, it is used to build an unsafe XPath query, and the resulting failure reveals internal file paths and system information through error messages. Attackers can send crafted HTTP requests that trigger server errors, exposing sensitive data and potentially enabling further exploitation. [1, 4]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to extract sensitive internal content paths and system information from your Concrete5 CMS installation. Additionally, attackers can flood the system with crafted requests, potentially causing denial of service or enabling further attacks. The exposure of internal file paths and stack traces can aid attackers in planning more targeted exploits against your system. [1, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted HTTP GET requests to the URL path segment labeled `3` of a Concrete5 CMS 9.1.3 installation with malicious XPath payloads, such as `50539478' or 4591=4591--`. For example, you can use curl to send a test request: `curl -i -X GET "http://vulnerablehost.com/concrete-cms-9.1.3/index.php/ccm50539478'%20or%204591%3d4591--%20/assets/localization/moment/js"`. If the server responds with an HTTP 500 Internal Server Error containing detailed PHP error messages and stack traces, it indicates the presence of the XPath injection vulnerability. Monitoring for repeated requests with suspicious payloads in URL paths can also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or blocking suspicious requests that contain malicious XPath payloads in URL path segments, especially those targeting the vulnerable segment labeled `3`. Applying input validation and sanitization on URL path parameters to prevent injection of malicious XPath queries is critical. Additionally, upgrading Concrete5 CMS to a version later than 9.1.3 that addresses this vulnerability (such as version 9.4.7 or later) is recommended. If an upgrade is not immediately possible, implementing web application firewall (WAF) rules to detect and block XPath injection patterns can help reduce risk. [1, 3]
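The log-monitoring and request-filtering points above, as an added example that is not part of this record or of Concrete5's own code: a Python scanner that reads web-server access-log lines in combined format, URL-decodes each path segment, and flags segments carrying the quote-plus-boolean-operator (or trailing `--`) pattern, together with whether the request produced the HTTP 500 signal described above. The log lines, IP addresses and regular expressions are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [13/Jan/2026:10:01:02 +0000] "GET /concrete-cms-9.1.3/index.php/ccm50539478'%20or%204591%3d4591--%20/assets/localization/moment/js HTTP/1.1" 500 4120 "-" "curl/8.4.0"
203.0.113.9 - - [13/Jan/2026:10:01:05 +0000] "GET /concrete-cms-9.1.3/index.php/ccm/assets/localization/moment/js HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Jan/2026:10:01:09 +0000] "GET /index.php/ccm1'%20and%20'a'%3d'a/assets/localization/moment/js HTTP/1.1" 500 4120 "-" "curl/8.4.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request path, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Tautology-style injection fragments after URL decoding: a quote that breaks out of a
# string literal followed by a boolean operator and a comparison, or a trailing "--".
INJECT_RE = re.compile(r"""['"]\s*(or|and)\s+[^\s/]+\s*=\s*[^\s/]+|--\s*$""", re.IGNORECASE)


def suspicious_segments(path: str) -> list[str]:
    """Return the URL-decoded path segments that contain an injection pattern.
    Only the path component is examined; any query string is dropped first."""
    path = path.split("?", 1)[0]
    decoded = [unquote(seg) for seg in path.split("/")]
    return [seg for seg in decoded if INJECT_RE.search(seg)]


def scan_access_log(text: str) -> list[dict]:
    """Parse log lines and return one finding per request whose path carries an
    injection fragment; server_error marks the HTTP 500 response called out above."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        segs = suspicious_segments(m["path"])
        if segs:
            findings.append({"ip": m["ip"], "status": int(m["status"]),
                             "segments": segs, "server_error": m["status"] == "500"})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f)
```

Feeding a real access log into `scan_access_log` and alerting on repeated findings from one client gives the "repeated requests with suspicious payloads" signal; the same `suspicious_segments` check can reject a path segment before it reaches the application.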