CWE-918 — Server-Side Request Forgery (SSRF)
2,379 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-918 (page 6 of 48)
- CVE-2020-22002 | HIGH | CVSS 7.5 | EG 7.5 | 2021-04-29
  An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to cons…
- CVE-2020-22983 | HIGH | CVSS 8.1 | EG 8.1 | 2022-05-13
  A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL ta…
- CVE-2020-23079 | HIGH | CVSS 7.5 | EG 7.5 | 2021-07-12
  An SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration; it can be used to probe the server's intranet.
- CVE-2020-23534 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-02-25
  A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter.
- CVE-2020-23622 | HIGH | CVSS 7.5 | EG 7.5 | 2022-08-15
  An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header.
- CVE-2020-23776 | HIGH | CVSS 7.5 | EG 7.5 | 2021-01-26
  A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' v…
- CVE-2020-24063 | HIGH | CVSS 7.2 | EG 7.2 | 2020-11-10
  The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.
- CVE-2020-24139 | HIGH | CVSS 8.3 | EG 8.3 | 2021-04-07
  Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and exe…
- CVE-2020-24140 | HIGH | CVSS 8.3 | EG 8.3 | 2021-04-07
  Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and e…
- CVE-2020-24141 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-07-07
  Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can hel…
- CVE-2020-24142 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-07-07
  Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video p…
- CVE-2020-24147 | CRITICAL | CVSS 9.1 | EG 9.1 | 2021-07-07
  Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field.
- CVE-2020-24148 | CRITICAL | CVSS 9.1 | EG 9.1 | 2021-07-07
  Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
- CVE-2020-24149 | HIGH | CVSS 7.5 | EG 7.5 | 2021-07-07
  Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page.
- CVE-2020-24327 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-09-23
  Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function: when writing an email in the editor, images can be pulled in from remote websites.
- CVE-2020-24444 | MEDIUM | CVSS 5.8 | EG 5.8 | 2020-12-10
  AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthentic…
- CVE-2020-24548 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-08-26
  Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports.
- CVE-2020-24570 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-09-30
  An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a cr…
- CVE-2020-24641 | HIGH | CVSS 7.5 | EG 7.5 | 2021-01-15
  In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an …
- CVE-2020-24700 | MEDIUM | CVSS 5.4 | EG 5.4 | 2021-01-12
  OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.
- CVE-2020-24710 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-10-28
  Gophish before 0.11.0 allows SSRF attacks.
- CVE-2020-24815 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-11-24
  A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the l…
- CVE-2020-24881 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-11-02
  SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning.
- CVE-2020-24898 | HIGH | CVSS 7.6 | EG 7.6 | 2020-08-29
  The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter).
- CVE-2020-25353 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-08-20
  A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 was fixed in 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters.
- CVE-2020-25466 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-10-23
  A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can be used to download arbitrary files onto the server and remotely execute arbitrary code.
- CVE-2020-25820 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-10-21
  BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
- CVE-2020-26032 | HIGH | CVSS 7.5 | EG 7.5 | 2020-12-28
  An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET req…
- CVE-2020-26258 | MEDIUM | CVSS 6.3 | EG 6.3 | 2020-12-16
  XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to reque…
- CVE-2020-26811 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-11-10
  SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further…
- CVE-2020-26815 | HIGH | CVSS 8.6 | EG 8.6 | 2020-11-10
  SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that…
- CVE-2020-26948 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-10-10
  Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
- CVE-2020-27018 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-11-09
  Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resou…
- CVE-2020-27197 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-10-17
  TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vend…
- CVE-2020-27375 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-04-07
  Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.
- CVE-2020-27624 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-11-16
  JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.
- CVE-2020-27626 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-11-16
  JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.
- CVE-2020-28043 | HIGH | CVSS 7.5 | EG 7.5 | 2020-11-02
  MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
- CVE-2020-28168 | MEDIUM | CVSS 5.9 | EG 5.9 | 2020-11-06
  Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
- CVE-2020-28360 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-11-23
  Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterm…
- CVE-2020-28463 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-02-18
  All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Downlo…
- CVE-2020-28735 | HIGH | CVSS 8.8 | EG 8.8 | 2020-12-30
  Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
- CVE-2020-28943 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-04-30
  OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
- CVE-2020-28976 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-11-30
  The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/detail.php?subdomain=SSRF.
- CVE-2020-28977 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-11-30
  The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/get.php?subdomain=SSRF.
- CVE-2020-28978 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-11-30
  The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/tree.php?subdomain=SSRF.
- CVE-2020-29166 | HIGH | CVSS 7.5 | EG 7.5 | 2021-02-03
  PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.
- CVE-2020-29445 | MEDIUM | CVSS 4.3 | EG 4.3 | 2021-05-07
  Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.
- CVE-2020-35205 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-01-11
  Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects…
- CVE-2020-35313 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-04-20
  A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
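Two entries on this page describe the same pair of validation mistakes that show up across the whole CWE-918 list: CVE-2020-28360 (a regex deny-list that only matches the textual form of a host and so misses reserved ranges written differently) and CVE-2020-28168 (the first URL is checked but the redirect it returns is followed unchecked). The Python below is an added example written for this page; it is not code from private-ip, axios, or any vendor listed above. It vets the parsed and resolved destination with the ipaddress module instead of a regex, refuses non-canonical IPv4 literals, and re-vets every redirect hop while pinning the connection to the vetted IP. The NAIVE_PRIVATE_RE pattern is an assumed shape for contrast only, and FAKE_DNS, fake_resolve, fake_client and the host names public.example, metadata.internal and rebind.example are constructed stand-ins so the example runs offline.

```python
import ipaddress
import re
import socket
from urllib.parse import urljoin, urlparse

# A regex deny-list of the general shape CVE-2020-28360 describes. Constructed here
# for contrast only; it is not the private-ip package's actual pattern.
NAIVE_PRIVATE_RE = re.compile(r"^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.)")

def naive_is_private(host: str) -> bool:  # blind to 0177.0.0.1, 2130706433, ::ffff:127.0.0.1
    return NAIVE_PRIVATE_RE.match(host) is not None

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_CODES = {301, 302, 303, 307, 308}

def is_forbidden_ip(ip) -> bool:
    """True unless ip is globally routable unicast, judged on the parsed value."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    # not is_global covers RFC 1918, loopback, link-local (169.254.169.254), CGNAT
    # 100.64/10 and the documentation ranges; the remaining checks are belt and braces.
    return not ip.is_global or ip.is_multicast or ip.is_reserved or ip.is_unspecified

def default_resolve(host: str) -> list:
    try:  # real DNS: every address the name maps to, so each one gets vetted
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except OSError as exc:
        raise ValueError(f"cannot resolve {host!r}") from exc

def vet_url(url: str, resolve=default_resolve) -> list:
    """Return the vetted destination IPs for url, or raise ValueError."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # lower-cased, brackets and userinfo stripped
    if not host:
        raise ValueError("missing host")
    try:
        literal = ipaddress.ip_address(host)
    except ValueError:
        literal = None
    if literal is None:  # 2130706433, 0x7f000001 etc. land here: resolved, never trusted
        candidates = [ipaddress.ip_address(a) for a in resolve(host)]
    elif literal.version == 4 and str(literal) != host:
        # Older Pythons read 0177.0.0.1 as 177.0.0.1 while libc reads it as loopback.
        raise ValueError(f"non-canonical IPv4 literal: {host!r}")
    else:
        candidates = [literal]
    bad = [str(ip) for ip in candidates if is_forbidden_ip(ip)]
    if bad:  # all-or-nothing: one internal A record poisons the whole name
        raise ValueError(f"{host!r} maps to forbidden address(es) {bad}")
    return [str(ip) for ip in candidates]

def fetch_pinned(url: str, client, resolve=default_resolve, max_hops: int = 3):
    """Follow redirects by hand and re-vet every hop (the CVE-2020-28168 gap).
    client(url, ip) connects to the pinned ip, never follows redirects itself,
    and returns (status, headers, body)."""
    for _ in range(max_hops + 1):
        ips = vet_url(url, resolve)
        status, headers, body = client(url, ips[0])
        if status not in REDIRECT_CODES:
            return url, status, body
        location = next((v for k, v in headers.items() if k.lower() == "location"), None)
        if not location:
            raise ValueError("redirect without Location header")
        url = urljoin(url, location)
    raise ValueError("too many redirects")

# Constructed, offline stand-ins for DNS and HTTP; the host names are invented.
FAKE_DNS = {
    "public.example": ["8.8.8.8"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example": ["8.8.8.8", "127.0.0.1"],
}

def fake_resolve(host: str) -> list:
    if host not in FAKE_DNS:
        raise ValueError(f"cannot resolve {host!r}")
    return FAKE_DNS[host]

def fake_client(url: str, ip: str):
    if url == "http://public.example/jump":  # open redirect back into the LAN
        return 302, {"Location": "http://127.0.0.1:8500/v1/kv/"}, b""
    return 200, {}, f"fetched {url} via {ip}".encode()

DEMO_URLS = ["http://public.example/", "http://127.0.0.1/", "http://0177.0.0.1/",
             "http://[::ffff:127.0.0.1]/", "http://100.64.1.1/", "http://metadata.internal/",
             "http://rebind.example/", "file:///etc/passwd", "http://public.example/jump"]

def demo(urls=DEMO_URLS) -> dict:
    out = {}  # maps each URL to 'ok' or 'blocked' using the offline stand-ins
    for u in urls:
        try:
            fetch_pinned(u, fake_client, fake_resolve)
            out[u] = "ok"
        except ValueError:
            out[u] = "blocked"
    return out

if __name__ == "__main__": print(demo())
```

The two design points worth carrying into real code: the decision is made on the parsed address object, never on the string (which is what a regex sees), and the resolved IP is handed to the client so the connection goes to the address that was vetted rather than to whatever a second lookup returns (DNS rebinding). Resolving with a short TTL and connecting to a hostname separately would reopen that window; `fetch_pinned` assumes `client` honours the pinned `ip` and sets the Host header itself.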
Map vulnerabilities like CWE-918 to your infrastructure
EchelonGraph correlates every CVE — across CWE-918 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.