Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1581

1581 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2024-3448 Improper Access Control Leads to Server-Side Request Forgery in Mautic — Mautic 5.0 Medium2024-04-10
CVE-2023-40148 PingFederate Server Side Request Forgery vulnerability — PingFederate 6.5 Medium2024-04-10
CVE-2024-1812 Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder 7.2 High2024-04-09
CVE-2023-6964 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF) — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor 8.5 High2024-04-09
CVE-2024-2343 Avada <= 7.11.6 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action — Avada | Website Builder For WordPress & WooCommerce 6.4 Medium2024-04-09
CVE-2024-1233 Eap: wildfly-elytron has a ssrf security issue 7.3 High2024-04-09
CVE-2024-27898 Server-Side Request Forgery in SAP NetWeaver — SAP NetWeaver 5.3 Medium2024-04-09
CVE-2024-31288 WordPress RapidLoad plugin <= 2.2.11 - Server Side Request Forgery (SSRF) vulnerability — RapidLoad Power-Up for Autoptimize 7.2 High2024-04-07
CVE-2024-31215 Mobile Security Framework (MobSF) vulnerable to Server-Side Request Forgery (SSRF) in firebase database check — Mobile-Security-Framework-MobSF 6.3 Medium2024-04-04
CVE-2024-29007 Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences — Apache CloudStack 8.1 -2024-04-04
CVE-2024-20332 Cisco Identity Services Engine 安全漏洞 — Cisco Identity Services Engine Software 5.5 Medium2024-04-03
CVE-2024-30531 WordPress Nelio Content plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability — Nelio Content 4.9 Medium2024-04-02
CVE-2024-30532 WordPress Builderall Builder for WordPress plugin <= 2.0.1 - Server Side Request Forgery (SSRF) vulnerability — Builderall Builder for WordPress 4.9 Medium2024-04-02
CVE-2024-24888 WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.25 - Server Side Request Forgery (SSRF) vulnerability — Gutenberg Blocks by Kadence Blocks 6.4 Medium2024-04-02
CVE-2024-30453 WordPress Brave plugin <= 0.6.5 - Server Side Request Forgery (SSRF) vulnerability — Brave Popup Builder 5.4 Medium2024-03-29
CVE-2024-27775 SysAid - CWE-918: Server-Side Request Forgery (SSRF) — SysAid 7.2 High2024-03-28
CVE-2023-50374 WordPress CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.10 - Server Side Request Forgery (SSRF) vulnerability — CMP – Coming Soon & Maintenance 5.5 Medium2024-03-28
CVE-2023-34370 Server Side Request Forgery (SSRF) vulnerability in Starter Templates plugins — Starter Templates — Elementor, WordPress & Beaver Builder Templates 7.1 High2024-03-28
CVE-2023-36679 WordPress Spectra plugin <= 2.6.6 - Server Side Request Forgery (SSRF) vulnerability — Spectra 7.1 High2024-03-28
CVE-2023-39313 WordPress Avada theme <= 7.11.1 - Authenticated Server Side Request Forgery (SSRF) vulnerability — Avada 7.7 High2024-03-28
CVE-2024-23500 WordPress Kadence Blocks plugin <= 3.2.19 - Server Side Request Forgery (SSRF) vulnerability — Gutenberg Blocks by Kadence Blocks 7.7 High2024-03-28
CVE-2024-29090 WordPress AI Engine plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability — AI Engine: ChatGPT Chatbot 6.8 Medium2024-03-28
CVE-2024-2206 SSRF Vulnerability in gradio-app/gradio — gradio-app/gradio 7.1 -2024-03-27
CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns) — Mobile-Security-Framework-MobSF 7.5 High2024-03-22
CVE-2024-2828 lakernote EasyAdmin IndexController.java thumbnail server-side request forgery — EasyAdmin 6.3 Medium2024-03-22
CVE-2024-2827 lakernote EasyAdmin saveReportFile server-side request forgery — EasyAdmin 6.3 Medium2024-03-22
CVE-2024-27098 Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI — glpi 6.4 Medium2024-03-18
CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding — Apache CXF 9.1 -2024-03-15
CVE-2024-1884 Server Side Request Forgery in PaperCut NG/MF — PaperCut NG, PaperCut MF 6.5 Medium2024-03-14
CVE-2024-2049 Server-Side Request Forgery (SSRF) — Citrix SD-WAN Standard/Premium Editions 6.5 Medium2024-03-12

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1581 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.