Concrete CMS is vulnerable to information disclosure.The vulnerability exists in multiple functions due to whoops error output when debug mode is left in production, allowing an attacker to execute arbitrary codes via server-side sensitive information.
documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
documentation.concretecms.org/developers/introduction/version-history/913-release-notes
github.com/advisories/GHSA-q3hq-hm5h-qrx3
github.com/concretecms/concretecms-core/commit/921ed7db4f24a81d32f762a338d5d0ef1fbe1f8b
github.com/concretecms/concretecms-core/commit/c14477ec6ed5bfcf9f7e4f63a178113060fae0dd
github.com/concretecms/concretecms/commit/7ef42d570736064fabb8afd921a4906848204023
github.com/concretecms/concretecms/commit/d18e74486af3978bd137c84dd2e77828a6113762
github.com/concretecms/concretecms/pull/10975
github.com/concretecms/concretecms/releases/8.5.10
github.com/concretecms/concretecms/releases/9.1.3
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31