Concrete5 CMS: source code security analysis report

2016-05-23T00:00:00
ID APPERCUT:14
Type appercut
Reporter InfoWatch APPERCUT
Modified 2016-06-28T00:00:00

Description

Several vulnerabilities were discovered in Portland Labs 'Concrete5 CMS' software: File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography HttpOnly Cookies   Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when Generating Code on the Fly Using Obsolete jQuery Methods Using Insufficiently Random Generators in Cryptography