Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
Security Advisory - Page Management Plugin (SSRF)
Summary
A Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin.
Affected Versions
- 1.x series: <= 1.41.0
- 2.x series: <= 2.41.0
Patched Versions
- 1.41.1
- 2.41.1
Description
In the external page migration feature of the Page Management Plugin, a Server-Side Request Forgery (SSRF) issue could occur. If exploited, it may allow access to internal destinations and could result in information disclosure. Exploitation requires privileges that allow use of the page management screen. Users affected by this vulnerability should update to a fixed version.
Solution
Update to the fixed version. For the 1.x series, update to 1.41.1 or later. For the 2.x series, update to 2.41.1 or later.
Credits
OpenSource WorkShop thanks Sho Odagiri (小田切 祥) of GMO Cybersecurity by Ierae, Inc. for reporting this vulnerability.
AnalysisAI
A Server-Side Request Forgery (SSRF) vulnerability exists in the external page migration feature of the Page Management Plugin (Connect CMS), allowing authenticated attackers with page management screen access to make the server perform requests to internal destinations and disclose sensitive information. The vulnerability affects Connect CMS versions 1.x through 1.41.0 and 2.x through 2.41.0, with patches available in versions 1.41.1 and 2.41.1 respectively. With a CVSS score of 6.8 and moderate attack complexity requiring high privileges, this represents a real but bounded risk primarily to organizations running older plugin versions with administrative users who may be compromised or malicious.
Technical ContextAI
The vulnerability is classified as CWE-918 (Server-Side Request Forgery) and occurs in the external page migration functionality of Connect CMS, a Composer-based PHP package (pkg:composer/opensource-workshop/connect-cms). SSRF vulnerabilities arise when application code constructs HTTP requests based on user-controlled input without proper validation or allowlisting of target destinations. In this case, the page migration feature likely accepts URLs or destinations from authenticated users and fetches remote pages without validating whether those URLs point to internal resources (private IP ranges, localhost, internal service endpoints, or cloud metadata services). The lack of URL scheme validation, destination filtering, or network segmentation allows attackers to probe internal infrastructure, access metadata services, or retrieve sensitive configuration data from internal endpoints.
RemediationAI
Immediately upgrade Connect CMS to version 1.41.1 or later for 1.x series installations, or to version 2.41.1 or later for 2.x series installations. The patches are available from the official GitHub releases at https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1 and https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1, with commit-level details available at https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63 and https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f. For organizations unable to patch immediately, implement network-level mitigations by restricting outbound connections from the application server using firewall rules that block access to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.1, and link-local addresses), and disable access to cloud metadata endpoints (169.254.169.254 for AWS/GCP/Azure). Additionally, audit and restrict the set of users with page management screen permissions to reduce the pool of potential attackers, and monitor outbound network connections from the application server for suspicious internal requests.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14573