CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,740 vulnerabilities with CWE-918
CVE-2024-11618 HIGH
IPC Unigy Management System 04.03.00.08.0027 - SSRF
CVSS 7.3
CVE-2024-38645 MEDIUM
Notes Station 3 3.9.0-3.9.6 - Authenticated Server-Side Request Forgery
CVSS 6.5
CVE-2024-52598 HIGH
2fauth < 5.4.1 - Server-Side Request Forgery and URI Validation Bypass via Preview Endpoint
CVSS 7.5
CVE-2024-10524 MEDIUM
GNU Wget < 1.25.0 Shorthand URL Credentials - Server-Side Request Forgery
CVSS 6.5
CVE-2024-47208 CRITICAL
Apache OFBiz <18.12.17 - SSRF/Code Injection
CVSS 9.8
CVE-2024-5917 MEDIUM
PAN-OS 10.1.0-10.1.6 - Authenticated Server-Side Request Forgery via Administrative Web Interface
CVSS 4.9
CVE-2024-11168 LOW
Python urllib.parse - Bracketed Host Validation Server-Side Request Forgery
CVSS 3.7
CVE-2024-49521 HIGH
Adobe Commerce < 3.2.6 - Server-Side Request Forgery
CVSS 7.7
CVE-2024-51785 MEDIUM
I Thirteen Web Solution Responsive Filterable Portfolio <1.0.22 - SSRF
CVSS 4.4
CVE-2024-10814 MEDIUM
Code Embed < 2.5 - Authenticated Server-Side Request Forgery via ce_get_file()
CVSS 6.4
CVE-2024-50811 CRITICAL
hopetree izone lts c011b48 - Server-Side Request Forgery via Push URL Parameter
CVSS 9.1
CVE-2024-47190 LOW
Northern.tech Hosted Mender <2024.07.11 - SSRF
CVSS 2.7
CVE-2024-46947 MEDIUM
Northern.tech Mender <3.6.6, <3.7.7 - SSRF
CVSS 6.5
CVE-2024-48951 HIGH
Logpoint SIEM < 7.5.0 - Server-Side Request Forgery via SOAR
CVSS 7.5
CVE-2024-20531 MEDIUM
Cisco Identity Services Engine - Authenticated XML External Entity Injection and Server-Side Request Forgery via API
CVSS 5.5
CVE-2024-51358 CRITICAL
Heimdall 2.6.1 - Remote Code Execution via Add New Application
CVSS 9.8
CVE-2024-51740 MEDIUM
Combodo iTop < 2.7.11 - Server-Side Request Forgery via User Portal Form Manager
CVSS 4.3
CVE-2024-48052 MEDIUM
gradio < 4.42.0 - Server-Side Request Forgery via DownloadButton URL Parameter
CVSS 6.5
CVE-2024-51665 MEDIUM
Noor alam Magical Addons For Elementor <1.2.1 - SSRF
CVSS 4.9
CVE-2024-51408 HIGH
AppSmith 1.8.3-1.46 - Server-Side Request Forgery via New DataSource
CVSS 8.5
CVE-2024-48360 HIGH
Qualitor 8.24 viewValidacao.php - Server-Side Request Forgery
CVSS 7.5
CVE-2024-51242 MEDIUM
eladmin < 2.7 - Server-Side Request Forgery via HTTP Body ip Parameter
CVSS 6.5
CVE-2024-48346 MEDIUM
xtreme1 <= 0.9.1 - Server-Side Request Forgery via /api/data/upload fileUrl Parameter
CVSS 6.1
CVE-2024-48107 MEDIUM
sparkshop <= 1.1.7 - Server-Side Request Forgery
CVSS 6.5
CVE-2024-48178 HIGH
newbee-mall 1.0.0 goodsCoverImg - Server-Side Request Forgery
CVSS 8.1