Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918

CVE-2019-12633 HIGH

Cisco Unified Contact Center Express - Unauthenticated Server-Side Request Forgery

CVE-2019-12632 HIGH

Cisco Finesse - Unauthenticated Server-Side Request Forgery

CVE-2019-13020 CRITICAL

Tightrope Media Carousel < 7.1.3 - Unauthenticated Server-Side Request Forgery via Fetch API

CVE-2019-15494 CRITICAL

openITCOCKPIT < 3.7.1 - Server-Side Request Forgery

CVE-2019-11897 HIGH

ProSyst mBS SDK <8.2.6 & Bosch IoT Gateway Software <9.3.0 - SSRF

CVE-2019-0345 CRITICAL

SAP NetWeaver Application Server Java 7.30, 7.31, 7.40, 7.50 - Unauthenticated Server-Side Request Forgery via XML File

CVE-2019-12994 CRITICAL

ManageEngine AssetExplorer 6.2.0 - Server-Side Request Forgery via AJaxServlet Parameter

CVE-2019-12959 HIGH

ManageEngine AssetExplorer < 6.2.0 - Server-Side Request Forgery via ClientUtilServlet URL Parameter

CVE-2019-14255 CRITICAL

go-camo < 1.1.4 - Server-Side Request Forgery

CVE-2019-14704 CRITICAL

MicroDigital N-series <6400.0.8.5 - SSRF

CVE-2019-7923 HIGH

Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Authenticated Server-Side Request Forgery in Shipment Settings

CVE-2019-7913 HIGH

Magento 2.1.0-2.1.17 - Authenticated Server-Side Request Forgery via Shipment Method Manipulation

CVE-2019-7911 HIGH

Magento <1.9.4.2, <1.14.4.2, <2.1.18, <2.2.9, <2.3.2 - SSRF

CVE-2019-7892 HIGH

Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Authenticated Remote Code Execution via Server-Side Request Forgery

CVE-2019-7616 MEDIUM

Kibana < 6.8.2 - Authenticated Server-Side Request Forgery via Timelion Graphite URL Configuration

CVE-2019-9827 CRITICAL

Hawt Hawtio < 2.5.0 - Server-Side Request Forgery via Proxy URI

CVE-2019-12852 CRITICAL

JetBrains YouTrack < 2018.4.49168 - Server-Side Request Forgery

CVE-2019-12153 CRITICAL

RealObjects PDFreactor <10.1.10722 - SSRF

CVE-2019-9187 HIGH

ikiwiki < 3.20170111.1, 3.2018x, < 3.20190228 - Server-Side Request Forgery via Aggregate Plugin

CVE-2019-1872 MEDIUM

Cisco TelePresence Video Communication Server - DoS

CVE-2019-6981 MEDIUM

Zimbra Collaboration Suite <8.9 - Blind SSRF

CVE-2019-12161 HIGH

webpagetest 19.04 - Server-Side Request Forgery via Octal IP Address Encoding

CVE-2019-6516 MEDIUM

WSO2 Dashboard Server 2.0.0 - Server-Side Request Forgery

CVE-2019-6512 MEDIUM

WSO2 API Manager 2.6.0 - Server-Side Request Forgery via file:// Wrapper

CVE-2019-11066 CRITICAL

LightOpenID < 1.3.1 - Server-Side Request Forgery via OpenID 2.0 Assertion Request

Previous Page 103 of 111 Next

Details

Vulnerabilities 2,758

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy