Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2024-13360 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Subscriber+) Server-Side Request Forgery — AI Puffer – Your AI engine for WordPress (formerly AI Power) 5.4 Medium2025-01-22
CVE-2023-50733 A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices. — various 8.6 High2025-01-21
CVE-2024-45479 Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost — Apache Ranger 5.3 -2025-01-21
CVE-2025-0584 aEnrich Technology a+HRD - Server-Side Request Forgery (SSRF) — a+HRD 5.3 Medium2025-01-20
CVE-2024-52602 Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo — matrix-media-repo 5.0 Medium2025-01-16
CVE-2024-52594 Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib — gomatrixserverlib 4.3 Medium2025-01-16
CVE-2025-0480 wuzhicms config.php test server-side request forgery — wuzhicms 4.3 Medium2025-01-15
CVE-2025-22346 WordPress Course Migration for LearnDash plugin 1.0.2 - Server Side Request Forgery (SSRF) vulnerability — Course Migration for LearnDash 6.4 Medium2025-01-15
CVE-2025-0474 Invoice Ninja PDF Rendering Server Side Request Forgery — Invoice Ninja 7.7 High2025-01-14
CVE-2025-21385 Microsoft Purview Information Disclosure Vulnerability — Microsoft Purview 8.8 High2025-01-09
CVE-2024-53705 SonicWALL SonicOS 安全漏洞 — SonicOS 7.5 -2025-01-09
CVE-2024-13195 donglight bookstore电商书城系统说明 HttpUtil.java getHtml server-side request forgery — bookstore电商书城系统说明 6.3 Medium2025-01-08
CVE-2024-56275 WordPress Envato Elements plugin <= 2.0.14 - Server Side Request Forgery (SSRF) vulnerability — Envato Elements 4.1 Medium2025-01-07
CVE-2024-56279 WordPress Compact WP Audio Player plugin <= 1.9.14 - Server Side Request Forgery (SSRF) vulnerability — Compact WP Audio Player 6.4 Medium2025-01-07
CVE-2024-13139 wangl1989 mysiteforme FileController doContent server-side request forgery — mysiteforme 6.3 Medium2025-01-05
CVE-2024-12237 Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.15 - Authenticated (Subscriber+) Limited Server-Side Request Forgery — Photo Gallery Slideshow & Masonry Tiled Gallery 4.3 Medium2025-01-03
CVE-2024-56800 Firecrawl has SSRF Vulnerability via malicious scrape target — firecrawl 7.4 High2024-12-30
CVE-2024-10044 SSRF in POST /worker_generate_stream API endpoint in lm-sys/fastchat — lm-sys/fastchat 9.8 -2024-12-30
CVE-2024-13032 Antabot White-Jotter Article Editor editor server-side request forgery — White-Jotter 2.7 Low2024-12-30
CVE-2024-13029 Antabot White-Jotter Edit Book book server-side request forgery — White-Jotter 4.3 Medium2024-12-29
CVE-2024-12989 WISI Tangram GT31 HTTP Request server-side request forgery — Tangram GT31 5.3 Medium2024-12-27
CVE-2024-51463 IBM i server-side request forgery — i 5.4 Medium2024-12-21
CVE-2024-12867 Server-Side Request Forgery in Arctic Hub URL Mapper allows an unauthenticated remote attacker to exfiltrate and modify configurations and data — Arctic Hub 9.1 -2024-12-20
CVE-2024-49336 IBM Security Guardium server-side request forgery — Security Guardium 6.5 Medium2024-12-19
CVE-2024-12801 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks — logback 7.5 -2024-12-19
CVE-2024-12121 Broken Link Checker | Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery — Broken Link Checker | Finder 5.4 Medium2024-12-19
CVE-2024-52579 Server-Side Request Forgery vulnerability in various APIs in Misskey — misskey 6.4 Medium2024-12-18
CVE-2024-55089 Rhymix 安全漏洞 — Rhymix 4.1 Medium2024-12-18
CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import — WP All Import Pro 7.6 High2024-12-17
CVE-2024-54385 WordPress Radio Player plugin <= 2.0.83 - Server Side Request Forgery (SSRF) vulnerability — Radio Player 7.2 High2024-12-16

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.