Lucene search
GoogleOSV:GHSA-GQPW-9Q54-9X28HistoryNov 23, 2021 - 6:18 p.m.
Server-Side Request Forgery in Concrete CMS
2021-11-2318:18:43
Google
osv.dev
8
0.001 Low
EPSS
Percentile
48.0%
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to SSRF attacks on the private LAN to servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb.
Related
openvas
openvas
Concrete CMS 9.0.0 SSRF Vulnerability
2021-11-22 00:00:00
Concrete CMS < 8.5.7 Multiple Vulnerabilities
2021-11-22 00:00:00
prion
prion
Server side request forgery (ssrf)
2021-11-19 19:15:00
hackerone
hackerone
Concrete CMS: SSRF - pivoting in the private LAN
2021-10-10 08:28:56
cve
cve
CVE-2021-22970
2021-11-19 19:15:08
cvelist
cvelist
CVE-2021-22970
2021-11-19 18:08:53
nvd
nvd
CVE-2021-22970
2021-11-19 19:15:08
cnvd
cnvd
PortlandLabs Concrete Cms Code Problem Vulnerability
2021-11-23 00:00:00
github
github
Server-Side Request Forgery in Concrete CMS
2021-11-23 18:18:43
veracode
veracode
Server-Side Request Forgery (SSRF)
2021-11-24 09:51:19