concrete5/concrete5 is vulnerable to information disclosure. The vulnerability is an insecure direct object reference (IDOR) that allows an attacker to access restricted files by attaching a message to the conversation.
documentation.concretecms.org/developers/introduction/version-history/857-release-notes
github.com/advisories/GHSA-m2v2-8227-59f5
github.com/concrete5/concrete5-core/commit/8b3ea9c1768078814f2218c0b6c2ddf144c3e072
github.com/concrete5/concrete5/commit/0ff0bb95eaa4644b52d4cbb0aa9980c7feb9faab
hackerone.com/reports/869612