Server Side Request Forgery (SSRF) Vulnerability in concrete5 8.2.0 File Manager URL Functionality

Server Side Request Forgery (SSRF) Vulnerability in concrete5 8.2.0 File Manager URL Functionality

CVE-2018-13790 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.

Learn more about our Cis Benchmark Audit For Server Software.