Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2025-1912 Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function — Product Import Export for WooCommerce – Import Export Product CSV Suite 7.6 High2025-03-26
CVE-2024-13411 Zapier for WordPress <= 1.5.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via updated_user Function — Zapier for WordPress 6.4 Medium2025-03-26
CVE-2025-2109 WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function — WP Compress – Instant Performance & Speed Optimization 5.8 Medium2025-03-25
CVE-2024-10207 Server-Side Request Forgery (authenticated) in APROL Web Portal — APROL 7.1AIHighAI2025-03-25
CVE-2024-10206 Server-Side Request Forgery (unauthenticated) in APROL Web Portal — APROL 8.2AIHighAI2025-03-25
CVE-2025-2691 nossrf 安全漏洞 — nossrf 8.2 High2025-03-23
CVE-2025-1970 Export and Import Users and Customers <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function — Export and Import Users and Customers 7.6 High2025-03-22
CVE-2024-13856 Make Builder <= 1.1.10 - Authenticated (Subscriber+) Server-Side Request Forgery via make_builder_ajax_subscribe Function — Your Friendly Drag and Drop Page Builder — Make Builder 6.4 Medium2025-03-22
CVE-2025-27888 Apache Druid: Server-Side Request Forgery and Cross-Site Scripting — Apache Druid 5.4 -2025-03-20
CVE-2024-13923 Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function — Order Export & Order Import for WooCommerce 7.6 High2025-03-20
CVE-2025-0184 Server-Side Request Forgery (SSRF) in langgenius/dify — langgenius/dify 9.1 -2025-03-20
CVE-2024-10457 SSRF Vulnerabilities in significant-gravitas/autogpt — significant-gravitas/autogpt 9.1 -2025-03-20
CVE-2024-12392 Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic — binary-husky/gpt_academic 6.5 -2025-03-20
CVE-2025-0454 SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt — significant-gravitas/autogpt 9.1 -2025-03-20
CVE-2024-12779 SSRF in infiniflow/ragflow — infiniflow/ragflow 7.5 -2025-03-20
CVE-2024-12766 SSRF in parisneo/lollms-webui — parisneo/lollms-webui 9.8 -2025-03-20
CVE-2024-11030 SSRF in binary-husky/gpt_academic — binary-husky/gpt_academic 8.8 -2025-03-20
CVE-2024-12450 RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow — infiniflow/ragflow 9.1 -2025-03-20
CVE-2024-8952 SSRF in composiohq/composio — composiohq/composio 9.1 -2025-03-20
CVE-2024-12882 SSRF in comfyanonymous/comfyui — comfyanonymous/comfyui 9.1 -2025-03-20
CVE-2024-12376 Server Side Request Forgery in lm-sys/fastchat — lm-sys/fastchat 7.5 -2025-03-20
CVE-2024-11603 Server-Side Request Forgery in lm-sys/fastchat — lm-sys/fastchat 7.5 -2025-03-20
CVE-2024-8099 Server-Side Request Forgery (SSRF) in vanna-ai/vanna — vanna-ai/vanna 9.1 -2025-03-20
CVE-2024-9309 SSRF in POST /worker_generate_stream API endpoint in haotian-liu/llava — haotian-liu/llava 9.8 -2025-03-20
CVE-2024-8955 SSRF in composiohq/composio — composiohq/composio 7.5 -2025-03-20
CVE-2024-12775 SSRF in langgenius/dify — langgenius/dify 9.1 -2025-03-20
CVE-2024-11031 SSRF in binary-husky/gpt_academic — binary-husky/gpt_academic 7.5 -2025-03-20
CVE-2024-11822 Server-Side Request Forgery (SSRF) in langgenius/dify — langgenius/dify 7.5 -2025-03-20
CVE-2025-0188 SSRF in gaizhenbiao/chuanhuchatgpt — gaizhenbiao/chuanhuchatgpt 8.8 -2025-03-20
CVE-2024-7959 SSRF in open-webui/open-webui — open-webui/open-webui 9.8 -2025-03-20

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.