Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918

CVE-2020-35970 HIGH

YzmCMS 5.8 - Server-Side Request Forgery Allows Arbitrary File Read

CVE-2020-14328 LOW

Ansible Tower < 3.7.2 - Server-Side Request Forgery via URL Processing

CVE-2020-14327 MEDIUM

Ansible Tower < 3.6.5 - Server-Side Request Forgery via Lookup Credential Test Feature

CVE-2020-29445 MEDIUM

Confluence Server <7.4.8 & <7.5.0-7.11.0 - SSRF

CVE-2020-28943 MEDIUM

Open-xchange Appsuite < 7.10.4 - SSRF

CVE-2020-22002 HIGH

Inim Smartliving SmartLAN/G/SI <=6.x - Unauthenticated Server-Side Request Forgery via GetImage Host Parameter

CVE-2020-35313 CRITICAL

WonderCMS 3.1.3 - Code Execution via Theme Installer SSRF

CVE-2020-24140 HIGH

wcms 0.3.2 - Server-Side Request Forgery via pagename Parameter

CVE-2020-24139 HIGH

wcms 0.3.2 - Server-Side Request Forgery via wex/cssjs.php Path Parameter

CVE-2020-19613 HIGH

FlyCMS 20190503 - Server-Side Request Forgery via saveUrlAs Function

CVE-2020-15809 MEDIUM

SpinetiX DSOS HMP350 HMP300 DiVA HMP400 HMP400W < 4.5.2 - Server-Side Request Forgery and Path Traversal

CVE-2020-4882 MEDIUM

IBM Planning Analytics 2.0 - Server-Side Request Forgery via User-Controlled URL

CVE-2020-5014 MEDIUM

IBM DataPower Gateway 10.0.0.0-10.0.1.0 - Authenticated Remote Code Execution via Server-Side Request Forgery

CVE-2020-12529 MEDIUM

mbCONNECT24 and mymbCONNECT24 - LDAP Access Check Server-Side Request Forgery

CVE-2020-23534 CRITICAL

masterlab 2.1.5 - Server-Side Request Forgery via Upgrade.php Source Parameter

CVE-2020-11988 HIGH

Apache XmlGraphics Commons < 2.4 - Server-Side Request Forgery via XMPParser

CVE-2020-11987 HIGH

Apache Batik < 1.13 - Server-Side Request Forgery via NodePickerPanel

CVE-2020-8902 LOW

Rendertron < 3.0.0 - Server-Side Request Forgery via Headless Chrome Process

CVE-2020-36232 MEDIUM

atlassian-gadgets < 4.2.37, 4.3.0-4.3.13, 4.3.2.0-4.3.2.3, 4.4.0-4.4.11, 5.0.0 SSRF via MessageBundleWhiteList

CVE-2020-10252 HIGH

owncloud < 10.4.0 - Authenticated Server-Side Request Forgery via Files Sharing External Remote Parameter

CVE-2020-28463 MEDIUM

reportlab < 3.5.55 - Server-Side Request Forgery via IMG Tag

CVE-2020-35561 MEDIUM

mbconnect24, mymbconnect24, myrex24, and myrex24.virtual < 2.11.2 - SSRF in HA Module

CVE-2020-35558 HIGH

Mbconnectline Mbconnect24 < 2.11.2 - SSRF

CVE-2020-35667 HIGH

JetBrains TeamCity < 2020.2.85695 - Server-Side Request Forgery

CVE-2020-4787 LOW

IBM QRadar SIEM 7.3.0-7.3.3, 7.4.0-7.4.2 SSRF

Previous Page 96 of 111 Next

Details

Vulnerabilities 2,758

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy