PT-2026-27231 · Connect Cms+1 · Page Management Plugin+1

Odgrso

Publicado

2026-03-23

Atualizado

2026-03-24

CVE-2026-32279

CVSS v3.1

6.8

Média

Vetor

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Connect-CMS versions 1.x through 1.41.0 Connect-CMS versions 2.x through 2.41.0

Description A Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Exploitation requires privileges that allow use of the page management screen and may allow access to internal destinations, potentially resulting in information disclosure. Server-Side Request Forgery (SSRF) is a web security issue that allows an attacker to cause the server to make requests to unintended locations.

Recommendations Update to Connect-CMS version 1.41.1 or later. Update to Connect-CMS version 2.41.1 or later.

Exploit

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-918

Identificadores relacionados

CVE-2026-32279

GHSA-JH46-85JR-6PH9

Produtos afetados

Connect-Cms

Page Management Plugin

PT-2026-27231 · Connect Cms+1 · Page Management Plugin+1

CVE-2026-32279

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11