CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918
CVE-2014-8943 HIGH
Lexiglot < 2014-11-20 - Server-Side Request Forgery via admin.php svn_url Parameter
CVSS 8.8
CVE-2014-3990 CRITICAL
OpenCart < 1.5.6.4 - Server-Side Request Forgery and XML External Entity Injection via Cart Update
CVSS 9.8
CVE-2013-4864 CRITICAL
MiCasaVerde VeraLite <1.5.408 - SSRF
CVSS 9.8
CVE-2012-10018 HIGH
Mapplic & Mapplic Lite <6.1-1.0 - SSRF
CVSS 8.3
CVE-2010-1637 MEDIUM
SquirrelMail < 1.4.20 - Authenticated Server-Side Request Forgery via Mail Fetch Plugin
CVSS 6.5
CVE-2007-6758 HIGH
Ext JS 5.0.0 - Server-Side Request Forgery via feed-proxy.php
CVSS 7.5
CVE-2004-2061 CRITICAL
RiSearch and RiSearch Pro - Server-Side Request Forgery via show.pl URL Parameter
CVSS 9.8
CVE-2002-1484 CRITICAL
DB4Web - Server-Side Request Forgery via Debug Message Proxy
CVSS 9.8