CVE-2021-40109

MEDIUM Year: 2021
CVSS v3 Score
6.4
Medium
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and loads the contents of the file from the redirected-to server. Files of disallowed types can be uploaded.

Related Vulnerabilities

CVE-2018-1000182

MEDIUM
CVSS:6.4(Medium)

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb....

CWE-9182018

CVE-2021-23927

MEDIUM
CVSS:6.4(Medium)

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.

CWE-9182021

CVE-2021-31779

MEDIUM
CVSS:6.4(Medium)

The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account.

CWE-9182021

CVE-2023-4651

MEDIUM
CVSS:6.4(Medium)

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.

CWE-9182023

CVE-2023-6805

MEDIUM
CVSS:6.4(Medium)

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and incl...

CWE-9182023

CVE-2023-6964

MEDIUM
CVSS:6.4(Medium)

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_ge...

CWE-9182023