{"id":"CVE-2018-13790","details":"A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.","modified":"2026-04-10T04:05:23.972058Z","published":"2018-07-09T20:29:00.957Z","references":[{"type":"EVIDENCE","url":"https://hackerone.com/reports/243865"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/concretecms/concretecms","events":[{"introduced":"0"},{"last_affected":"72fb50290983bab46f94a111451bef022c21ad41"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.2.0-NA"}]}}],"versions":["5.7.0","5.7.0.1","5.7.0.3","5.7.0.4","5.7.1","5.7.2","5.7.2.1","5.7.3","5.7.3.1","5.7.4.1","5.7.5.2","5.7.5.5","5.7.5.6","5.7.5.7","8.1.0","8.2.0","8.2.0RC2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-13790.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}