Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2025-47791 Nextcloud Server's test remote endpoint is not rate limited — security-advisories 4.3 Medium2025-05-16
CVE-2025-40595 SonicWALL SMA1000 安全漏洞 — SMA1000 9.1AICriticalAI2025-05-14
CVE-2024-13940 Ninja Forms Webhooks <= 3.0.7 - Authenticated (Admin+) Server-Side Request Forgery via Form Webhook — Ninja Forms Webhooks 5.5 Medium2025-05-14
CVE-2025-47733 Microsoft Power Apps Information Disclosure Vulnerability — Microsoft Power Pages 9.1 Critical2025-05-08
CVE-2025-29972 Azure Storage Resource Provider Spoofing Vulnerability — Azure Storage Resource Provider (SRP) 9.9 Critical2025-05-08
CVE-2025-47664 WordPress WP Pipes <= 1.4.2 - Server Side Request Forgery (SSRF) Vulnerability — WP Pipes 4.4 Medium2025-05-07
CVE-2025-47635 WordPress WebinarPress plugin <= 1.33.28 - Server Side Request Forgery (SSRF) Vulnerability — WebinarPress 5.5 Medium2025-05-07
CVE-2025-47548 WordPress Wbcom Designs - Activity Link Preview For BuddyPress plugin <= 1.4.4 - Server Side Request Forgery (SSRF) Vulnerability — Wbcom Designs - Activity Link Preview For BuddyPress 5.4 Medium2025-05-07
CVE-2025-47483 WordPress Easy Replace Image plugin <= 3.5.0 - Server Side Request Forgery (SSRF) Vulnerability — Easy Replace Image 4.9 Medium2025-05-07
CVE-2025-47484 WordPress Display Remote Posts Block plugin <= 1.1.0 - Server Side Request Forgery (SSRF) Vulnerability — Display Remote Posts Block 6.4 Medium2025-05-07
CVE-2025-47464 WordPress Solace Extra plugin <= 1.3.1 - Server Side Request Forgery (SSRF) Vulnerability — Solace Extra 4.9 Medium2025-05-07
CVE-2024-55910 IBM Concert Software server-side request forgery — Concert Software 6.5 Medium2025-05-02
CVE-2025-46568 Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability — Stirling-PDF 7.5AIHighAI2025-05-01
CVE-2024-13845 Gravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via Webhook — Gravity Forms WebHooks 5.5 Medium2025-05-01
CVE-2025-2170 SonicWALL SMA1000 安全漏洞 — SMA1000 9.8AICriticalAI2025-04-30
CVE-2025-4012 playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery — PlayEdu 开源培训系统 2.7 Low2025-04-28
CVE-2023-35817 DevExpress 安全漏洞 — DevExpress 5.0 Medium2025-04-28
CVE-2025-3954 ChurchCRM Referer server-side request forgery — ChurchCRM 3.7 Low2025-04-26
CVE-2025-3775 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin 6.5 Medium2025-04-25
CVE-2025-46531 WordPress WP AVCL Automation Helper (formerly WPFlyLeads) plugin <= 3.4 - Server Side Request Forgery (SSRF) Vulnerability — WP AVCL Automation Helper (formerly WPFlyLeads) 4.9 Medium2025-04-24
CVE-2025-46511 WordPress BeerXML Shortcode plugin <= 0.7.1 - Server Side Request Forgery (SSRF) Vulnerability — BeerXML Shortcode 6.4 Medium2025-04-24
CVE-2025-46503 WordPress Simple Google Photos Grid plugin <= 1.5 - Server Side Request Forgery (SSRF) Vulnerability — Simple Google Photos Grid 4.9 Medium2025-04-24
CVE-2025-46443 WordPress Animate plugin <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability — Animate 4.9 Medium2025-04-24
CVE-2025-1522 PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability — PostHog 6.5 -2025-04-23
CVE-2025-1521 PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability — PostHog 6.5 -2025-04-23
CVE-2025-27907 IBM WebSphere Application Server server-side request forgery — WebSphere Application Server 4.1 Medium2025-04-22
CVE-2025-2987 IBM Maximo Asset Management server-side request forgery — Maximo Asset Management 3.8 Low2025-04-21
CVE-2025-3787 PbootCMS Image server-side request forgery — PbootCMS 2.7 Low2025-04-18
CVE-2024-56736 Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss — Apache HertzBeat 9.1AICriticalAI2025-04-16
CVE-2025-3691 mirweiye Seven Bears Library CMS Add Link server-side request forgery — Seven Bears Library CMS 2.7 Low2025-04-16

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.