Server-Side Request Forgery (SSRF)
concrete5/concrete5 is vulnerable to server-side request forgery. The vulnerability exists in the local IP importing in 'file.php', which allows an attacker to read files from private local LAN servers and exploit the local network apps...
GHSA-GQPW-9Q54-9X28 Server-Side Request Forgery in Concrete CMS
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing, causing the system to be vulnerable to SSRF attacks on the private LAN to servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb...