Описание
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:concretecms:concrete_cms:8.2.0:-:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00335
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.
EPSS
Процентиль: 56%
0.00335
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-918