CVE-2018-13790

Name of the Vulnerable Software and Affected Versions concrete5 version 8.2.0

Description A Server Side Request Forgery (SSRF) issue in the remote.php file can lead to attacks on the local network and mapping of the internal network, due to URL functionality on the File Manager page.

Recommendations For concrete5 version 8.2.0, consider restricting access to the remote.php file in the tools/files/importers directory to minimize the risk of exploitation. As a temporary workaround, limit the use of URL functionality on the File Manager page until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.