Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1574

1574 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2024-34361 Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE) — pi-hole 8.6 High2024-07-05
CVE-2024-39687 Fedify vulnerable to allowing access to internal network resources — fedify 7.2 High2024-07-05
CVE-2024-6524 ShopXO Uploader.php server-side request forgery — ShopXO 5.5 Medium2024-07-05
CVE-2024-37157 Discourse vulnerable to Server-Side Request Forgery via FastImage — discourse 6.4 Medium2024-07-03
CVE-2024-38472 Apache HTTP Server on WIndows UNC SSRF — Apache HTTP Server 7.5AIHighAI2024-07-01
CVE-2024-6424 Server-Side Request Forgery vulnerability in MESbook — MESbook 9.3 Critical2024-07-01
CVE-2023-50952 IBM InfoSphere Information Server server-side request forgery — InfoSphere Information Server 5.4 Medium2024-06-30
CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF) — ChatGPT-Next-Web 7.4 High2024-06-28
CVE-2024-5736 SSRF in AdmirorFrames Joomla! Extension — AdmirorFrames 7.5AIHighAI2024-06-28
CVE-2024-5885 Server-Side Request Forgery (SSRF) in stangirard/quivr — stangirard/quivr 7.5AIHighAI2024-06-27
CVE-2024-5822 Server-Side Request Forgery (SSRF) in gaizhenbiao/ChuanhuChatGPT — gaizhenbiao/chuanhuchatgpt 7.5AIHighAI2024-06-27
CVE-2024-37098 WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability — BlossomThemes Email Newsletter 4.4 Medium2024-06-26
CVE-2024-29173 Dell PowerProtect Data Domain 代码问题漏洞 — PowerProtect DD 6.8 Medium2024-06-26
CVE-2024-5015 WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability — WhatsUp Gold 7.1 High2024-06-25
CVE-2024-5014 WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure — WhatsUp Gold 7.1 High2024-06-25
CVE-2023-45195 Adminer and AdminerEvo SSRF — Adminer 5.3AIMediumAI2024-06-24
CVE-2024-5746 GitHub Enterprise Server 安全漏洞 — GitHub Enterprise Server 7.6 High2024-06-20
CVE-2024-5021 WordPress Picture / Portfolio / Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request Forgery — WordPress Picture / Portfolio / Media Gallery 9.3 Critical2024-06-19
CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery — ElementsKit Pro 8.5 High2024-06-14
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints — cvat 7.1 High2024-06-13
CVE-2024-34111 SSRF in service connector — Adobe Commerce 6.5 Medium2024-06-13
CVE-2024-36414 SuiteCRM authenticated Server-Side Request Forgery — SuiteCRM 7.7 High2024-06-10
CVE-2024-4354 TablePress – Tables in WordPress made easy <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind — TablePress – Tables in WordPress made easy 6.4 Medium2024-06-07
CVE-2024-5328 SSRF Vulnerability in lunary-ai/lunary — lunary-ai/lunary 9.8AICriticalAI2024-06-06
CVE-2024-3149 SSRF in mintplex-labs/anything-llm — mintplex-labs/anything-llm 8.1AIHighAI2024-06-06
CVE-2024-4851 SSRF Vulnerability in stangirard/quivr — stangirard/quivr 9.1AICriticalAI2024-06-06
CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain — langchain-ai/langchain 9.1AICriticalAI2024-06-06
CVE-2024-5186 Server Side Request Forgery (SSRF) in imartinez/privategpt — imartinez/privategpt 7.5AIHighAI2024-06-06
CVE-2024-5482 SSRF in add_webpage endpoint in parisneo/lollms-webui — parisneo/lollms-webui 9.8AICriticalAI2024-06-06
CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio — gradio-app/gradio 7.5AIHighAI2024-06-06

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1574 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.