Description
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Import any XML or CSV File to WordPress Cross-Site Scripting (3.6.2)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0971)
Oracle Database Server CVE-2010-2390 Vulnerability (CVE-2010-2390)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-35150)