concrete5/core is vulnerable to information disclosure. Password protected files are exposed to any users using view_inline because it does not limit file types for view_inline to images only.
CPE | Name | Operator | Version |
---|---|---|---|
concrete5/core | le | 8.5.6 | |
concrete5/concrete5 | le | 8.5.6 | |
concrete5/core | le | 8.5.6 | |
concrete5/concrete5 | le | 8.5.6 |