Concrete CMS is vulnerable to denial of service.The vulnerability exists in multiple functions of controller.php
due to insufficient validation of user-supplied input within the forever
cookie which allows an attacker to crash the application via malicious input.
documentation.concretecms.org/developers/introduction/version-history/8510-release-notes
documentation.concretecms.org/developers/introduction/version-history/913-release-notes
github.com/advisories/GHSA-3cxx-3f53-m92c
github.com/concretecms/concretecms-core/commit/36239e6698282ce3f631e67e60b3687e6d235823
github.com/concretecms/concretecms-core/commit/80fd7d2d9573d3810d2326a0e0aa692fa1b4b14e
github.com/concretecms/concretecms/commit/605a5e82f0164e3d333ef6a43660e30e3362065e
github.com/concretecms/concretecms/commit/80f5d78f58761b6ba7b61b9e1d24711c5bb8bbda
github.com/concretecms/concretecms/pull/10977
github.com/concretecms/concretecms/releases/8.5.10
github.com/concretecms/concretecms/releases/9.1.3
www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31