Lucene search
GoogleOSV:GHSA-284F-F2HW-J2GXHistoryOct 12, 2021 - 6:41 p.m.
Server-Side Request Forgery vulnerability in concrete5
2021-10-1218:41:59
Google
osv.dev
9
0.002 Low
EPSS
Percentile
58.7%
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.
Related
hackerone
hackerone
Concrete CMS: SSRF bypass
2020-04-30 13:38:41
cvelist
cvelist
CVE-2021-22958
2021-10-07 13:35:02
veracode
veracode
Server-side Request Forgery (SSRF)
2021-10-08 06:19:52
cve
cve
CVE-2021-22958
2021-10-07 14:15:08
cnvd
cnvd
Portlandlabs Concrete5 server-side request forgery vulnerability
2021-10-10 00:00:00
prion
prion
Server side request forgery (ssrf)
2021-10-07 14:15:00
github
github
Server-Side Request Forgery vulnerability in concrete5
2021-10-12 18:41:59
nvd
nvd
CVE-2021-22958
2021-10-07 14:15:08
openvas
openvas
Concrete CMS < 8.5.5 Multiple Vulnerabilities
2021-03-29 00:00:00