Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,750 vulnerabilities with CWE-918

CVE-2022-34013 MEDIUM

OneBlog 2.3.4 - Server-Side Request Forgery via Logo Parameter

CVE-2022-34011 MEDIUM

OneBlog v2.3.4 - Server-Side Request Forgery via entryUrls Parameter

CVE-2022-23080 MEDIUM

Directus 9.0.0-beta.2-9.6.0 - Server-Side Request Forgery via Media Upload Functionality

CVE-2022-23071 MEDIUM

Tandoor Recipes 0.9.1-1.2.5 - Server-Side Request Forgery via Import Recipe Functionality

CVE-2022-29612 MEDIUM

SAP Host Agent and NetWeaver ABAP - Authenticated Server-Side Request Forgery via sapcontrol startservice

CVE-2022-28217 MEDIUM

SAP NetWeaver - Server-Side Request Forgery via XML Document Validation Bypass

CVE-2022-24969 MEDIUM

Apache Dubbo < 2.6.12 and 2.7.0-2.7.14 - Server-Side Request Forgery via parseURL Method

CVE-2022-31830 CRITICAL

Kity Minder v1.3.5 - Server-Side Request Forgery via ImageCapture.class.php Init Function

CVE-2022-31827 CRITICAL

MonstaFTP 2.10.3 - Server-Side Request Forgery via HTTPFetcher.php

CVE-2022-31393 CRITICAL

jizhicms v2.2.5 - Server-Side Request Forgery via Index Function in PluginsController

CVE-2022-31390 CRITICAL

jizhicms 2.2.5 - Server-Side Request Forgery via Update Function in TemplateController

CVE-2022-31386 CRITICAL

nbnbk cms 3 - Server-Side Request Forgery via getFileBinary URL Parameter

CVE-2022-27780 HIGH

curl 7.80.0-7.83.0 - URL Hostname Spoofing via Percent-Encoded Separator Bypass

CVE-2022-1285 MEDIUM

Gogs < 0.12.8 - Server-Side Request Forgery

CVE-2022-1815 HIGH

drawio < 18.1.2 - Server-Side Request Forgery

CVE-2022-29309 HIGH

mysiteforme 2.2.1 - Server-Side Request Forgery

CVE-2022-28997 HIGH

CSZCMS 1.3.0 - Server-Side Request Forgery via File Manager Connector

CVE-2022-29188 MEDIUM

Smokescreen <0.0.4 - Deny List Bypass via Bracketed Hostname

CVE-2022-1784 HIGH

drawio < 18.0.8 - Server-Side Request Forgery

CVE-2022-1767 HIGH

drawio < 18.0.7 - Server-Side Request Forgery

CVE-2022-28616 CRITICAL

HPE OneView < 7.0 - Server-Side Request Forgery

CVE-2022-24856 CRITICAL

FlyteConsole < 0.52.0 - Server-Side Request Forgery via CORS Proxy

CVE-2022-1711 HIGH

drawio < 18.0.5 - Server-Side Request Forgery

CVE-2022-1723 HIGH

drawio < 18.0.6 - Server-Side Request Forgery

CVE-2022-23668 MEDIUM

Aruba ClearPass Policy Manager <= 6.10.4, <= 6.9.9, <= 6.8.9-HF2, <= 6.7.x - Authenticated Server-Side Request Forgery

Previous Page 84 of 110 Next

Details

Vulnerabilities 2,750

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy