Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2024-54330 WordPress Hurrakify plugin <= 2.4 - Server Side Request Forgery (SSRF) vulnerability — Hurrakify 7.2 High2024-12-13
CVE-2024-11836 Server-side Request Forgery — PlexTrac 7.5 -2024-12-13
CVE-2024-54197 Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) — SAP NetWeaver Administrator(System Overview) 7.2 High2024-12-10
CVE-2024-47578 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services) — SAP NetWeaver AS for JAVA (Adobe Document Services) 9.1 Critical2024-12-10
CVE-2024-48874 Ruijie Reyee OS Server-Side Request Forgery — Reyee OS 9.8 Critical2024-12-06
CVE-2024-6784 SSRF Server Side Request Forgery — ASPECT-Enterprise 9.9 Critical2024-12-05
CVE-2024-54000 Mobile Security Framework (MobSF) bypass of SSRF fix — Mobile-Security-Framework-MobSF 7.5 High2024-12-03
CVE-2024-53738 WordPress Asset CleanUp: Page Speed Booster plugin <=1.3.9.8 - Server Side Request Forgery (SSRF) vulnerability — Asset CleanUp: Page Speed Booster 4.4 Medium2024-11-30
CVE-2024-53983 Server-side request forgery in Backstage Scaffolder plugin — backstage 5.4 Medium2024-11-29
CVE-2024-32965 ssrf vulnerability in lobe-chat — lobe-chat 8.1 High2024-11-26
CVE-2024-6538 Openshift-console: openshift console: server-side request forgery 5.3 Medium2024-11-25
CVE-2024-9710 PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability — PostHog 6.5 -2024-11-22
CVE-2024-11618 IPC Unigy Management System HTTP Request server-side request forgery — Unigy Management System 7.3 High2024-11-22
CVE-2021-38135 Possible External service interaction Vulnerability in OpenText iManager — iManager 8.6 High2024-11-22
CVE-2024-38645 Notes Station 3 — Notes Station 3 6.5 -2024-11-22
CVE-2024-10524 GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs — wget 6.5 Medium2024-11-19
CVE-2024-47208 Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE — Apache OFBiz 9.8AICriticalAI2024-11-18
CVE-2021-3742 Server-Side Request Forgery (SSRF) in chatwoot/chatwoot — chatwoot/chatwoot 5.4AIMediumAI2024-11-15
CVE-2024-5917 PAN-OS: Server-Side Request Forgery in WildFire — Cloud NGFW 5.3AIMediumAI2024-11-14
CVE-2024-49521 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918) — Adobe Commerce 7.7 High2024-11-12
CVE-2024-51785 WordPress Responsive Filterable Portfolio plugin <= 1.0.22 - Server Side Request Forgery (SSRF) vulnerability — Responsive Filterable Portfolio 4.4 Medium2024-11-09
CVE-2024-10814 Code Embed <= 2.5 - Authenticated (Contributor+) Server-Side Request Forgery — Code Embed 6.4 Medium2024-11-09
CVE-2024-51740 SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop — iTop 4.3 Medium2024-11-05
CVE-2024-51665 WordPress Magical Addons For Elementor plugin <= 1.2.1 - Server Side Request Forgery (SSRF) vulnerability — Magical Addons For Elementor 4.9 Medium2024-11-04
CVE-2024-49312 WordPress Edwiser Bridge plugin <= 3.0.7 - Server Side Request Forgery (SSRF) vulnerability — Edwiser Bridge 4.9 Medium2024-10-17
CVE-2012-10018 Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting — Mapplic Lite 8.3 High2024-10-16
CVE-2024-47830 Plane allows server side request forgery via /_next/image endpoint — plane 9.3 Critical2024-10-11
CVE-2024-45317 SonicWALL SMA1000 代码问题漏洞 — SMA1000 7.5AIHighAI2024-10-11
CVE-2024-47167 SSRF in the path parameter of /queue/join in Gradio — gradio 9.8AICriticalAI2024-10-10
CVE-2024-8977 Server-Side Request Forgery (SSRF) in GitLab — GitLab 8.2 High2024-10-10

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.