Concrete5 CMS XPath Injection Vulnerability in Version 9.1.3

Vulnerability

An XPath injection vulnerability has been identified in Concrete5 CMS version 9.1.3. Attackers can place malicious payloads in URL path parameters, potentially extracting internal content paths and system information. The issue arises from improper neutralization of data within XPath expressions, so crafted requests reach the XPath evaluation unsanitized.

Impact

Exploitation of this vulnerability could result in unauthorized access to internal content paths and system information, potentially leading to further attacks or exploitation of other vulnerabilities.

Reproduction

To reproduce this vulnerability, send a request to the URL path folder '3' with a crafted XPath injection payload. The server response should include an XPath error message, indicating that the injection was successful. This vulnerability can be exploited by flooding the system with similar crafted requests until the actual paths of all content are revealed.
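The improper neutralization and the XPath error message described above, shown next to a hardened lookup. This is an added illustration, not Concrete CMS code; the XML document, element names and function names are assumptions, and xpathLiteral() is included for identifiers that are not purely numeric.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for an internal content tree.
const SAMPLE_XML = '<site><folder id="3" path="/example/internal"/>'
                 . '<folder id="4" path="/example/public"/></site>';

// XPath 1.0 has no escape character inside string literals, so text holding
// an apostrophe is wrapped in double quotes or split with concat().
function xpathLiteral(string $s): string
{
    if (strpos($s, "'") === false) { return "'" . $s . "'"; }
    if (strpos($s, '"') === false) { return '"' . $s . '"'; }
    $parts = array_map(fn ($p) => "'" . $p . "'", explode("'", $s));
    return 'concat(' . implode(', "\'", ', $parts) . ')';
}

// Weak form: the URL path segment is concatenated into the expression as-is.
function lookupUnsafe(DOMXPath $xp, string $segment)
{
    return $xp->query("/site/folder[@id='" . $segment . "']");
}

// Hardened form: allow-list the segment, then quote it as a literal anyway.
function lookupSafe(DOMXPath $xp, string $segment): ?string
{
    if (!preg_match('/^[0-9]{1,10}$/D', $segment)) {
        return null;                       // caller answers with a generic 404
    }
    $nodes = $xp->query('/site/folder[@id=' . xpathLiteral($segment) . ']');
    if ($nodes === false || $nodes->length === 0) {
        return null;
    }
    return $nodes->item(0)->getAttribute('path');
}

// Route engine warnings to the log so they never appear in a response body.
set_error_handler(function (int $no, string $msg): bool {
    error_log('xpath warning: ' . $msg);
    return true;
});

$doc = new DOMDocument();
$doc->loadXML(SAMPLE_XML);
$xp = new DOMXPath($doc);

foreach (['3', "3'"] as $segment) {        // "3'" is a constructed malformed segment
    $unsafe = lookupUnsafe($xp, $segment);
    printf("%-3s unsafe: %s | safe: %s\n", $segment,
        $unsafe === false ? 'engine error' : $unsafe->length . ' node(s)',
        lookupSafe($xp, $segment) ?? 'rejected (404)');
}
```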

Added: Jan 13, 2026, 11:28 PM
Updated: Jan 13, 2026, 11:28 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 2.5
exploitability: 9.7
remediation: 0.0
relevance: 2.1
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.