Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2025-13393 Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' — Featured Image from URL (FIFU) 4.3 Medium2026-01-10
CVE-2026-22597 Ghost has SSRF via External Media Inliner — Ghost 6.5 -2026-01-10
CVE-2026-22245 Mastodon has SSRF Protection bypass — mastodon 9.4 -2026-01-08
CVE-2026-21885 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources — v2 6.5 Medium2026-01-08
CVE-2025-22726 WordPress nK Themes Helper plugin <= 1.7.9 - Server Side Request Forgery (SSRF) vulnerability — nK Themes Helper 6.4 Medium2026-01-08
CVE-2026-21859 Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF) — mailpit 5.8 Medium2026-01-07
CVE-2019-25290 INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage — Smartliving SmartLAN/G/SI 5.3 Medium2026-01-07
CVE-2025-69222 LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions — LibreChat 9.1 Critical2026-01-07
CVE-2025-58441 Knowage is vulnerable to blind server-side request forgery (SSRF) — Knowage-Server 5.3 -2026-01-07
CVE-2025-49335 WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability — External Media 4.9 Medium2026-01-07
CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery — invoiceninja 4.7 Medium2026-01-07
CVE-2025-14438 Xagio SEO <= 7.1.0.30 - Authenticated (Subscriber+) Server-Side Request Forgery — Xagio SEO – AI Powered SEO 6.4 Medium2026-01-06
CVE-2025-68437 Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation — cms 9.1 -2026-01-05
CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF) — emlog 7.7 High2026-01-02
CVE-2025-15414 go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery — sonic 4.7 Medium2026-01-01
CVE-2025-14627 WP Import – Ultimate CSV XML Importer for WordPress <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress 6.4 Medium2026-01-01
CVE-2025-34469 Cowrie < 2.9.0 Unrestricted wget/curl Emulation Enables SSRF-Based DDoS Amplification — Cowrie 7.5 -2025-12-31
CVE-2025-62088 WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability — WordPress & WooCommerce Scraper Plugin, Import Data from Any Site 5.4 Medium2025-12-31
CVE-2025-59138 WordPress Genemy theme <= 1.6.6 - Server Side Request Forgery (SSRF) vulnerability — Genemy 4.9 Medium2025-12-31
CVE-2025-15373 EyouCMS function.php saveRemote server-side request forgery — EyouCMS 6.3 Medium2025-12-31
CVE-2025-15264 FeehiCMS TimThumb timthumb.php server-side request forgery — FeehiCMS 7.3 High2025-12-30
CVE-2025-69014 WordPress Youzify plugin <= 1.3.7 - Server Side Request Forgery (SSRF) vulnerability — Youzify 4.9 Medium2025-12-30
CVE-2025-68893 WordPress WordPress Image shrinker plugin <= 1.1.0 - Server Side Request Forgery (SSRF) vulnerability — WordPress Image shrinker 4.9 Medium2025-12-29
CVE-2025-69206 Hemmelig has SSRF Filter bypass in Secret Request functionality — Hemmelig.app 4.3 Medium2025-12-29
CVE-2025-15098 YunaiV yudao-cloud Business Process Management BpmSyncHttpRequestTrigger server-side request forgery — yudao-cloud 6.3 Medium2025-12-26
CVE-2019-25251 Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings — VidiU Pro 6.5 Medium2025-12-24
CVE-2025-68600 WordPress Link Library plugin <= 7.8.7 - Server Side Request Forgery (SSRF) vulnerability — Link Library 4.9 Medium2025-12-24
CVE-2025-67623 WordPress 6Storage Rentals plugin <= 2.22.0 - Server Side Request Forgery (SSRF) vulnerability — 6Storage Rentals 5.4 Medium2025-12-24
CVE-2025-68500 WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability — Prime Slider – Addons For Elementor 4.9 Medium2025-12-24
CVE-2025-68696 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage — httparty 9.1AICriticalAI2025-12-23

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.