Description
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.
Remediation
References
Related Vulnerabilities
WordPress Plugin Affiliate Press Multiple Cross-Site Scripting Vulnerabilities (0.3.8)
PHP Numeric Errors Vulnerability (CVE-2016-4345)
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.2.2)
MySQL CVE-2021-35641 Vulnerability (CVE-2021-35641)
WordPress Plugin Subscriptions & Memberships for PayPal Unspecified Vulnerability (1.1.5)