Description
Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-5844 Vulnerability (CVE-2013-5844)
WordPress Plugin WordPress Download Manager Cross-Site Scripting (3.2.15)
MongoDb Other Vulnerability (CVE-2013-2132)
MySQL CVE-2019-2879 Vulnerability (CVE-2019-2879)
Plone CMS Use of Externally-Controlled Format String Vulnerability (CVE-2017-5524)