CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,748 vulnerabilities with CWE-918
CVE-2023-36661 HIGH
Shibboleth XMLTooling <3.2.4 - SSRF
CVSS 7.5
CVE-2023-35133 HIGH
Moodle < 3.9.22, 4.0-4.0.8, 4.1-4.1.3, 4.2 - Server-Side Request Forgery via cURL Blocked Hosts Check Bypass
CVSS 7.5
CVE-2023-26435 MEDIUM
open-xchange_appsuite_backend < 7.10.6 - Server-Side Request Forgery via Manipulated ODT Documents
CVSS 5.0
CVE-2023-26431 MEDIUM
Open-Xchange App Suite - IPv4-Mapped IPv6 Server-Side Request Forgery
CVSS 5.0
CVE-2023-24243 HIGH
CData RSB Connect <v22.0.8336 - SSRF
CVSS 7.5
CVE-2023-29292 MEDIUM
Adobe Commerce 2.4.6 and earlier - Authenticated Server-Side Request Forgery
CVSS 4.9
CVE-2023-29291 MEDIUM
Adobe Commerce 2.4.6 and earlier - Authenticated Server-Side Request Forgery
CVSS 4.9
CVE-2023-21105 MEDIUM
Android 11-13 - Local Information Disclosure via ChooserActivity Confused Deputy
CVSS 5.5
CVE-2023-3238 MEDIUM
otcms < 6.62 - Server-Side Request Forgery via signalUrl Parameter
CVSS 6.3
CVE-2023-3236 MEDIUM
mccms < 2.6.5 - Server-Side Request Forgery via pic Argument in pic_save Function
CVSS 6.3
CVE-2023-3235 MEDIUM
mccms < 2.6.5 - Server-Side Request Forgery via pic_api URL Parameter
CVSS 6.3
CVE-2023-3233 MEDIUM
crmeb < 4.6.0 - Server-Side Request Forgery via get_image_base64 Function
CVSS 6.3
CVE-2023-25609 MEDIUM
FortiManager and FortiAnalyzer 6.4.8-6.4.11, 7.0.0-7.0.6, 7.2.0-7.2.1 - Authenticated Server-Side Request Forgery
CVSS 4.3
CVE-2023-3188 MEDIUM
owncast < 0.1.0 - Server-Side Request Forgery
CVSS 6.5
CVE-2023-2249 HIGH
wpForo Forum < 2.1.7 - Authenticated Local File Include and Server-Side Request Forgery via file_get_contents
CVSS 8.8
CVE-2023-1895 HIGH
Getwid - Gutenberg Blocks <1.8.4 - SSRF
CVSS 8.5
CVE-2023-32750 MEDIUM
Pydio Cells < 3.0.12 - Server-Side Request Forgery via Remote Download Job
CVSS 6.5
CVE-2023-34959 MEDIUM
Chamilo LMS 1.11.0-1.11.18 - Server-Side Request Forgery via Social and Links Tools
CVSS 5.3
CVE-2023-32683 LOW
Synapse < 1.85.0 - Server-Side Request Forgery via URL Preview Bypass
CVSS 3.5
CVE-2023-3121 LOW
Dahua Smart Parking Management <20230528 - SSRF
CVSS 3.5
CVE-2023-28824 MEDIUM
CONPROSYS HMI System < 3.5.3 - Authenticated Server-Side Request Forgery via Database Query Setting Bypass
CVSS 4.9
CVE-2023-23955 HIGH
Advanced Secure Gateway and Content Analysis <7.3.13.1/3.1.6.0 - SSRF
CVSS 8.1
CVE-2023-3015 MEDIUM
yiwent Vip Video Analysis 1.0 - SSRF
CVSS 6.3
CVE-2023-2927 MEDIUM
JIZHICMS 2.4.5 - Server-Side Request Forgery via webapi Parameter
CVSS 6.3
CVE-2023-33184 LOW
Nextcloud Mail 1.13.0-1.15.2 - Server-Side Request Forgery
CVSS 3.5