Concrete CMS SQL Injection Vulnerability

Summary
The host is running Concrete CMS and is prone to a SQL injection vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary SQL commands in the application's database and gain complete control over the vulnerable web application.
Impact Level: Application
Solution
Upgrade to version 5.6.3 or later. For updates, refer to https://www.concrete5.org
Insight
The flaw is due to improper validation of the 'cID' parameter passed to the '/index.php' script.
Affected
Concrete CMS version 5.6.2.1
Detection
Send a crafted exploit string via an HTTP GET request and check whether it is possible to execute a SQL query.
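
A complementary log-side check for the parameter named under Insight, as an added example that is not part of the original advisory or of Concrete CMS: it flags requests to '/index.php' whose 'cID' value is not a plain decimal integer. It assumes 'cID' is always a numeric page ID and that the web server writes common/combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a common/combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate cID is a short run of ASCII digits and nothing else.
NUMERIC_ID_RE = re.compile(r"[0-9]{1,10}")

def suspicious_cid_values(target):
    """Return the cID values of a request to index.php that are not plain integers."""
    parts = urlsplit(target)
    # endswith() also covers installs in a subdirectory, e.g. /blog/index.php
    if not parts.path.endswith("/index.php"):
        return []
    # parse_qs percent-decodes values and keeps repeated parameters as a list
    params = parse_qs(parts.query, keep_blank_values=True)
    return [v for v in params.get("cID", []) if not NUMERIC_ID_RE.fullmatch(v)]

def scan_log(lines):
    """Return (line_number, decoded_value) for every non-numeric cID seen."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # malformed or non-HTTP entry
        for value in suspicious_cid_values(match.group("target")):
            hits.append((number, value))
    return hits

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?cID=154 HTTP/1.1" 200 5120',
    '203.0.113.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?cID=154%27 HTTP/1.1" 500 312',
    '203.0.113.11 - - [01/Jan/2024:10:00:06 +0000] "GET /index.php?cID=abc HTTP/1.1" 200 5120',
    '203.0.113.12 - - [01/Jan/2024:10:00:09 +0000] "GET /blog/index.php?cID=7&cID=7%20 HTTP/1.1" 200 100',
    '203.0.113.13 - - [01/Jan/2024:10:00:10 +0000] "GET /about?cID=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, value in scan_log(SAMPLE_LOG):
        print(f"line {number}: non-numeric cID {value!r}")
```

A hit shows only that a non-numeric value was sent; whether the host was vulnerable at the time depends on the installed version listed under Affected.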