Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918

CVE-2020-8134 HIGH

Ghost CMS < 3.10.0 - Server-Side Request Forgery

CVE-2020-10077 CRITICAL

GitLab 3.0.0-12.8.1 - Server-Side Request Forgery via Deprecated Service

CVE-2020-8540 CRITICAL

Zoho ManageEngine Desktop Central <07-Mar-2020 - SSRF

CVE-2020-10212 CRITICAL

Responsive FileManager 9.13.4 and 9.14.0 - Server-Side Request Forgery via URL Parameter

CVE-2020-7796 CRITICAL KEV

Zimbra Collaboration Suite <8.8.15 Patch 7 - SSRF

CVE-2020-8128 CRITICAL

jsreport < 2.5.0 - Server-Side Request Forgery and Arbitrary Code Execution

CVE-2020-8118 MEDIUM

nextcloud_server < 15.0.9 - Authenticated Server-Side Request Forgery via Calendar Subscription

CVE-2020-3938 CRITICAL

SysJust Syuan-Gu-Da-Shih <20191223 - SSRF

CVE-2020-1925 HIGH

Apache Olingo 4.0.0-4.7.0 - Server-Side Request Forgery via Location Header

CVE-2019-25451 HIGH

phpMoAdmin 1.1.5 - Cross-Site Request Forgery via moadmin.php

CVE-2019-25290 MEDIUM

Smartliving SmartLAN/G/SI <=6.x - SSRF

CVE-2019-25251 MEDIUM

Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery via URL Parameter

CVE-2019-14476 MEDIUM

AdRem NetCrunch <10.6.0.4587 - SSRF

CVE-2019-17566 HIGH

Apache Batik < 1.13 - Server-Side Request Forgery via xlink:href Attribute

CVE-2019-20408 MEDIUM

Jira < 8.7.0 - Server-Side Request Forgery via Gadgets MakeRequest Endpoint

CVE-2019-20872 MEDIUM

Mattermost Server < 4.10.8 - Server-Side Request Forgery

CVE-2019-11574 CRITICAL

Simple Machines Forum <2.0.17 - SSRF

CVE-2019-13121 HIGH

GitLab 10.6.0-12.0.2 - Server-Side Request Forgery via GitHub Project Integration

CVE-2019-12443 CRITICAL

GitLab 10.2-11.11 - Server-Side Request Forgery via DNS Rebinding

CVE-2019-18846 MEDIUM

Open-Xchange App Suite < 7.10.2 - Server-Side Request Forgery

CVE-2019-20474 MEDIUM

Zoho ManageEngine Remote Access Plus 10.0.447 - Server-Side Request Forgery via Mail-Server Configuration Test

CVE-2019-4741 MEDIUM

IBM Content Navigator 3.0CD - Unauthenticated Server-Side Request Forgery

CVE-2019-5464 CRITICAL

GitLab 10.2.0-11.11.7 - Server-Side Request Forgery via DNS Rebinding Protection Bypass

CVE-2019-19835 HIGH

Ruckus Wireless Unleashed < 200.7.10.202.94 - Server-Side Request Forgery via AjaxRestrictedCmdStat

CVE-2019-19261 HIGH

GitLab 6.7.0-12.5.0 - Server-Side Request Forgery

Previous Page 101 of 111 Next

Details

Vulnerabilities 2,758

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy