PT-2026-27231 · Connect Cms+1 · Page Management Plugin+1
Odgrso
·
Published
2026-03-23
·
Updated
2026-03-24
·
CVE-2026-32279
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Connect-CMS versions 1.x through 1.41.0
Connect-CMS versions 2.x through 2.41.0
Description
A Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Exploitation requires privileges that allow use of the page management screen and may allow access to internal destinations, potentially resulting in information disclosure. Server-Side Request Forgery (SSRF) is a web security issue that allows an attacker to cause the server to make requests to unintended locations.
Recommendations
Update to Connect-CMS version 1.41.1 or later.
Update to Connect-CMS version 2.41.1 or later.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Connect-Cms
Page Management Plugin