Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918

CVE-2021-23927 MEDIUM

Open-xchange Appsuite < 7.10.4 - SSRF

CVE-2020-36944 MEDIUM

ILIAS Learning Management System <4.3 - SSRF

CVE-2020-36884 MEDIUM

BrightSign Digital Signage Diagnostic Web Server <8.2.26 - SSRF

CVE-2020-36862 MEDIUM

Nagios XI < 5.6.11 - Unauthenticated Cross-Site Scripting and Server-Side Request Forgery via Highcharts Export Tool

CVE-2020-36851 CRITICAL

cors-anywhere - Unauthenticated Server-Side Request Forgery via Open Proxy Configuration

CVE-2020-23622 HIGH

cling 2.0.0-2.1.2 - Denial of Service via Unchecked CALLBACK Parameter

CVE-2020-22983 HIGH

MicroStrategy Web < 11.1 - Unauthenticated Server-Side Request Forgery via ShortURL Task srcURL Parameter

CVE-2020-27375 MEDIUM

Dr Trust USA iCheck Connect BP Monitor BP Testing <1.2.1 - Info Dis...

CVE-2020-21653 CRITICAL

MyuCMS 2.2.1 - Server-Side Request Forgery via sj Method

CVE-2020-21649 HIGH

MyuCMS 2.2.1 - Server-Side Request Forgery via sql Method

CVE-2020-24327 MEDIUM

Discourse 2.3.2 and 2.6 - Server-Side Request Forgery via Email Image Upload

CVE-2020-21122 MEDIUM

UReport 2.2.9 - Server-Side Request Forgery via Designer Page

CVE-2020-20341 HIGH

YzmCMS 5.5 - Server-Side Request Forgery via grab_image Function

CVE-2020-14160 HIGH

Gotenberg < 6.2.1 - Server-Side Request Forgery via Remote URL to PDF Conversion

CVE-2020-25353 MEDIUM

rConfig 3.9.5 - Authenticated Server-Side Request Forgery via deviceIpAddr Parameter

CVE-2020-4974 MEDIUM

IBM Jazz Foundation - Authenticated Server-Side Request Forgery

CVE-2020-23079 HIGH

halo <= 1.3.2 - Server-Side Request Forgery via SMTP Configuration

CVE-2020-20582 HIGH

MipCMS 5.0.1 - Server-Side Request Forgery via ApiAdminDomainSettings.php

CVE-2020-24149 HIGH

Podcast Importer SecondLine <1.1.4 - SSRF

CVE-2020-24148 CRITICAL

WordPress import-xml-feed <2.0.1 - SSRF

CVE-2020-24147 CRITICAL

WP Smart Import 1.0.0 - Server-Side Request Forgery via File Field

CVE-2020-24142 CRITICAL

Video Downloader for TikTok (WordPress) 1.3 - SSRF

CVE-2020-24141 MEDIUM

WP-DownloadManager 1.68.4 - Server-Side Request Forgery via file_remote Parameter

CVE-2020-21788 MEDIUM

CRMEB 3.1.0+ - Server-Side Request Forgery via CopyTaobao.php

CVE-2020-15377 CRITICAL

Brocade SANnav < 2.1.1 - Unauthenticated Server-Side Request Forgery

Previous Page 95 of 111 Next

Details

Vulnerabilities 2,758

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy