Concrete5 · Concrete5 · CVE-2021-22958
**Name of the Vulnerable Software and Affected Versions**
concrete5 versions prior to 8.5.5
**Description**
A Server-Side Request Forgery issue was found in which an IP address encoded in decimal notation bypasses the localhost restrictions, enabling interaction with local services. The impact varies depending on the services exposed.
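The following is an added example, not concrete5's code or its actual fix: a destination check that normalizes numeric host forms before testing for loopback or private ranges, so a decimal-encoded address is classified the same as its dotted form. It goes beyond the decimal case to the other `inet_aton`-style forms (hex, octal, short dotted); the function names and sample URLs are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

_PART = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")

def _parse_part(part):
    """Parse one component as inet_aton does: 0x = hex, leading 0 = octal, else decimal."""
    if not _PART.fullmatch(part):
        raise ValueError(part)
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)  # raises ValueError on digits 8 or 9
    return int(part, 10)

def legacy_ipv4(host):
    """Return the IPv4Address a numeric host resolves to, or None if it is not numeric."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        *head, tail = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading parts are single bytes; the last part fills all remaining bytes.
    if any(n > 0xFF for n in head) or tail >= 256 ** (4 - len(head)):
        return None
    value = tail
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def is_internal_target(url):
    """True if the URL's host literal is a non-public address (loopback, private, ...)."""
    host = urlsplit(url).hostname
    if not host:
        return True  # no host to validate: fail closed
    addr = legacy_ipv4(host)
    if addr is None:
        try:
            addr = ipaddress.ip_address(host)  # canonical IPv6 literal
        except ValueError:
            return False  # DNS name: apply the same check to the resolved address
    return not addr.is_global

if __name__ == "__main__":
    # Constructed sample URLs, not taken from the advisory.
    for u in ("http://2130706433/", "http://127.0.0.1/", "http://8.8.8.8/"):
        print(u, "blocked" if is_internal_target(u) else "allowed")
```

A literal-only check does not cover names that resolve to internal addresses, so the same `is_global` test has to be applied to the address the HTTP client actually connects to.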
**Recommendations**
For versions prior to 8.5.5, update to version 8.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to local services to minimize the risk of exploitation.