Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2024-12068 Server-Side Request Forgery in haotian-liu/llava — haotian-liu/llava 7.5 -2025-03-20
CVE-2024-11449 Server-Side Request Forgery in haotian-liu/llava — haotian-liu/llava 9.8 -2025-03-20
CVE-2025-27774 Applio allows SSRF and file write in model_download.py — Applio 9.8 -2025-03-19
CVE-2025-27775 Applio allows SSRF and file write in model_download.py — Applio 9.8 -2025-03-19
CVE-2025-27776 Applio allows SSRF and file write in model_download.py — Applio 9.1 -2025-03-19
CVE-2025-27777 Applio allows SSRF and file write in model_download.py — Applio 7.5 -2025-03-19
CVE-2024-49822 IBM QRadar Advisor server-side request forgery — QRadar Advisor with Watson 4.1 Medium2025-03-18
CVE-2025-22474 Dell SmartFabric OS10 代码问题漏洞 — SmartFabric OS10 Software 6.8 Medium2025-03-17
CVE-2024-13838 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook — Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin 5.5 Medium2025-03-12
CVE-2025-2192 Stoque Zeev.it Login Page server-side request forgery — Zeev.it 4.3 Medium2025-03-11
CVE-2025-27430 Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center) — SAP CRM and SAP S/4HANA (Interaction Center) 3.5 Low2025-03-11
CVE-2025-22603 AutoGPT SSRF vulnerability — AutoGPT 9.1 -2025-03-10
CVE-2025-2116 Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System File Protocol imageProxy.do server-side request forgery — Founder Enjoys All-Media Acquisition and Editing System 4.3 Medium2025-03-09
CVE-2024-13924 Starter Templates by FancyWP <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery — Starter Templates by FancyWP 5.3 Medium2025-03-08
CVE-2024-53696 QuLog Center — QuLog Center 4.9 -2025-03-07
CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests — axios 10.0 -2025-03-07
CVE-2024-13857 WPGet API <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery — WPGet API – Connect to any external REST API 5.5 Medium2025-03-07
CVE-2024-13904 Platform.ly for WooCommerce <= 1.1.6 - Unauthenticated Blind Server-Side Request Forgery — Platform.ly for WooCommerce 5.3 Medium2025-03-07
CVE-2025-27600 FastGPT SSRF — FastGPT 7.5 -2025-03-06
CVE-2025-27501 Server Side Request Forgery in Ziti Console — ziti-console 8.6 High2025-03-03
CVE-2025-25303 Server-Side Request Forgery (SSRF) in MouseTooltipTranslator — MouseTooltipTranslator 8.1 -2025-03-03
CVE-2025-25301 Rembg allows SSRF via /api/remove — rembg 5.3 -2025-03-03
CVE-2025-1849 zj1983 zz import_data_todb server-side request forgery — zz 6.3 Medium2025-03-03
CVE-2025-1848 zj1983 zz import_data_check server-side request forgery — zz 6.3 Medium2025-03-03
CVE-2025-1833 zj1983 zz HTTP Request Customer_noticeAction.java sendNotice server-side request forgery — zz 6.3 Medium2025-03-02
CVE-2025-1799 Zorlan SkyCaiji Tool.php previewAction server-side request forgery — SkyCaiji 6.3 Medium2025-03-01
CVE-2024-13697 Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links — Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages 4.8 Medium2025-03-01
CVE-2025-1662 URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding — URL Media Uploader 6.4 Medium2025-02-28
CVE-2024-13907 Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid <= 1.16.8 - Authenticated (Administrator+) Server-Side Request Forgery — Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid 4.9 Medium2025-02-27
CVE-2024-13905 OneStore Sites <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery — OneStore Sites 5.3 Medium2025-02-27

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.