Connect-CMS Page Management Plugin Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the external page migration feature of the Page Management Plugin for Connect-CMS. This issue affects versions 1.x through 1.41.0 and 2.x through 2.41.0. The vulnerability allows access to internal destinations, potentially leading to information disclosure. Exploitation requires privileges to use the page management screen.

Impact

Exploitation of this vulnerability could result in unauthorized access to internal resources, allowing for potential information disclosure.

Reproduction

To reproduce this vulnerability, a user must have access to the Page Management Plugin's external page migration feature. When a migration request is made to a URL that the application can resolve to an internal IP address, the application will fetch the URL without applying the usual checks that prevent SSRF. This can be verified by monitoring the application's response to the migration request or by checking the application's logs for any downloaded content.

Remediation

Users should update to version 1.41.1 or 2.41.1, depending on their current version.
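The destination check that the Reproduction section describes as missing can be sketched as follows. This is an added example, not Connect-CMS's own code and not the content of the fix; the function names, the SAMPLE_DNS table and its hostnames and addresses are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed name-to-address table so the example runs offline.
SAMPLE_DNS = {
    "www.example.org": ["93.184.216.34"],
    "intranet.example.org": ["10.0.0.5"],
    "mixed.example.org": ["93.184.216.34", "::ffff:127.0.0.1"],
    "169.254.169.254": ["169.254.169.254"],
}


def sample_resolver(host):
    """Hypothetical stand-in for DNS, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(host, [])


def system_resolver(host):
    """Every address the OS resolver returns for host (A and AAAA)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def blocked_reason(url, resolver=system_resolver):
    """Return why the URL must not be fetched, or None if it may be."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "scheme not allowed"
    if not parts.hostname:
        return "no host in URL"
    try:
        addresses = resolver(parts.hostname)
    except OSError:
        addresses = []
    if not addresses:
        return "host does not resolve"
    # Refuse if ANY resolved address is internal, not just the first one.
    for text in addresses:
        addr = ipaddress.ip_address(text.split("%")[0])  # strip IPv6 zone id
        # Unwrap ::ffff:a.b.c.d so the IPv4 rules apply to it.
        addr = getattr(addr, "ipv4_mapped", None) or addr
        if not addr.is_global:
            return f"resolves to non-public address {addr}"
    return None
```

Run the same check on every redirect target, and connect to the address that was validated rather than resolving the name a second time.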

Added: Mar 23, 2026, 10:36 PM
Updated: Mar 23, 2026, 10:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.7
remediation: 0.0
relevance: 4.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.