Description
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Pods-Custom Content Types and Fields Multiple Vulnerabilities (2.4.3)
WordPress Plugin WP Live.php 's' Parameter Cross-Site Scripting (1.2.1)
Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11815)
WordPress 2.6.1 Lost Password SQL Column Truncation Unauthorized Access Vulnerability (0.71 - 2.6.1)