Description

A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.

Remediation

References

CVE-2018-13790

Related Vulnerabilities

WordPress Plugin MDC YouTube Downloader Local File Inclusion (2.1.0)

PHP Out-of-bounds Read Vulnerability (CVE-2017-9227)

TYPO3 Observable Discrepancy Vulnerability (CVE-2022-36105)

WordPress Plugin Pinterest Automatic Pin Security Bypass (4.14.3)

Nginx CVE-2011-4963 Vulnerability (CVE-2011-4963)

Severity

High

Classification

CVE-2018-13790 CWE-918 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities