CVE-2018-13790

Source
https://cve.org/CVERecord?id=CVE-2018-13790
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-13790.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-13790
Published
2018-07-09T20:29:00.957Z
Modified
2026-04-10T04:05:23.972058Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.

References

Affected packages

Git / github.com/concretecms/concretecms

Affected ranges

Type
GIT
Repo
https://github.com/concretecms/concretecms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.2.0-NA"
        }
    ]
}

Affected versions

5.*
5.7.0
5.7.0.1
5.7.0.3
5.7.0.4
5.7.1
5.7.2
5.7.2.1
5.7.3
5.7.3.1
5.7.4.1
5.7.5.2
5.7.5.5
5.7.5.6
5.7.5.7
8.*
8.1.0
8.2.0
8.2.0RC2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-13790.json"