N/A

A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded.

N/A

N/A

PortlandLabs Concrete Cms 代码问题漏洞

PortlandLabs Concrete Cms是美国PortlandLabs公司的一个面向团队的开源内容管理系统。 PortlandLabs Concrete CMS 中存在代码问题漏洞，该漏洞源于产品未对用户上传文件类型加以限制。攻击者可通过上传一个可重定向到任意文件类型的URL进而加载敏感内容。以下产品及版本受到影响：Concrete CMS 8.5.5 版本。

N/A

N/A