5 matches found
CVE-2021-22970
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to a. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network apps and b. SS...
EUVD-2021-2351
Malware in sbrugna...
Server-Side Request Forgery in Concrete CMS
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to SSRF attacks on the private LAN to servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network apps and b...
CVE-2021-22970
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to a. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network apps and b. SS...
CVE-2021-22970
Concrete CMS (concrete5) vulnerable versions: 8.5.6 and earlier, and 9.0.0, expose a Server-Side Request Forgery (SSRF) flaw via local IP importing that enables reading files on the private LAN and potential network pivoting. The root cause is described as SSRF with DNS rebinding as a bypass; exp...