Description
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.
Remediation
References