Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1574

1574 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2024-39637 WordPress Edubin theme <= 9.2.0 - Server Side Request Forgery (SSRF) vulnerability — Edubin 5.4 Medium2024-08-01
CVE-2024-38791 WordPress AI ENGINE plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability — AI Engine: ChatGPT Chatbot 4.9 Medium2024-08-01
CVE-2024-2090 Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery — Remote Content Shortcode 6.4 Medium2024-08-01
CVE-2024-7330 YouDianCMS ydLib.php curl_exec server-side request forgery — YouDianCMS 6.3 Medium2024-07-31
CVE-2024-41118 streamlit-geospatial blind SSRF in pages/7_📦_Web_Map_Service.py — streamlit-geospatial 7.5 High2024-07-26
CVE-2024-41813 txtdot SSRF vulnerability in /proxy — txtdot 7.5 High2024-07-26
CVE-2024-41812 txtdot SSRF vulnerability in /get — txtdot 7.5 High2024-07-26
CVE-2024-6922 Server-Side Request Forgery in Automation 360 — Automation 360 8.2 -2024-07-26
CVE-2024-41668 cBioPortal Proxy Endpoint Vulnerabliity — cbioportal 8.3 High2024-07-23
CVE-2024-41664 Blind SSRF via Canarytoken Webhook — canarytokens 5.4 Medium2024-07-23
CVE-2024-37942 WordPress BerqWP plugin <= 1.7.5 - Unauthenticated Non-Blind Server Side Request Forgery (SSRF) vulnerability — BerqWP 7.2 High2024-07-22
CVE-2024-38723 WordPress Get Use APIs – JSON Content Importer plugin <= 1.5.6 - Server Side Request Forgery (SSRF) vulnerability — JSON Content Importer 6.4 Medium2024-07-22
CVE-2024-38728 WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Server Side Request Forgery (SSRF) vulnerability — Seraphinite Post .DOCX Source 7.1 High2024-07-22
CVE-2024-38730 WordPress Magical Addons For Elementor plugin <= 1.1.41 - Server Side Request Forgery (SSRF) vulnerability — Magical Addons For Elementor 4.9 Medium2024-07-22
CVE-2024-38758 WordPress WappPress plugin <= 6.0.4 - Blind Server Side Request Forgery (SSRF) vulnerability — WappPress 4.9 Medium2024-07-20
CVE-2024-29736 Apache CXF: SSRF vulnerability via WADL stylesheet parameter — Apache CXF 9.1 -2024-07-19
CVE-2024-21527 Gotenberg 安全漏洞 — github.com/gotenberg/gotenberg/v8/pkg/gotenberg 8.2 High2024-07-19
CVE-2024-40898 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows — Apache HTTP Server 7.5AIHighAI2024-07-18
CVE-2024-31979 Apache StreamPipes: Possibility of SSRF in pipeline element installation process — Apache StreamPipes 8.1AIHighAI2024-07-17
CVE-2024-40632 Linkerd potential access to the shutdown endpoint — linkerd2 3.7 Low2024-07-15
CVE-2024-39739 IBM Datacap Navigator server-side request forgery — Datacap Navigator 5.4 Medium2024-07-15
CVE-2024-32987 Microsoft SharePoint Server Information Disclosure Vulnerability — Microsoft SharePoint Enterprise Server 2016 7.5 High2024-07-09
CVE-2024-37171 [CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal) — SAP Transportation Management (Collaboration Portal) 5.0 Medium2024-07-09
CVE-2024-34689 [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services) — SAP Business Workflow (WebFlow Services) 5.0 Medium2024-07-09
CVE-2024-39598 [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) — SAP CRM WebClient UI 5.0 Medium2024-07-09
CVE-2024-39699 Directus has a Blind SSRF On File Import — directus 5.0 Medium2024-07-08
CVE-2024-31897 IBM Cloud Pak for Business Automation server-side request forgery — Cloud Pak for Business Automation 4.3 Medium2024-07-08
CVE-2024-6095 SSRF and Partial LFI in /models/apply Endpoint in mudler/localai — mudler/localai 5.3AIMediumAI2024-07-06
CVE-2024-37208 WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability — WP Scraper 4.9 Medium2024-07-06
CVE-2024-37260 WordPress Foxiz Theme theme <= 2.3.5 - Server Side Request Forgery (SSRF) vulnerability — Foxiz 7.2 High2024-07-06

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1574 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.