Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2023-41804 WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF) — Starter Templates — Elementor, WordPress & Beaver Builder Templates 7.1 High2023-12-07
CVE-2023-46641 WordPress 12 Step Meeting List Plugin <= 3.14.24 is vulnerable to Server Side Request Forgery (SSRF) — 12 Step Meeting List 4.9 Medium2023-12-07
CVE-2023-49746 WordPress SpeedyCache Plugin <= 1.1.2 is vulnerable to Server Side Request Forgery (SSRF) — SpeedyCache – Cache, Optimization, Performance 4.9 Medium2023-12-07
CVE-2023-46736 Server-Side Request Forgery in espocrm — espocrm 5.3 Medium2023-12-05
CVE-2023-46746 Authenticated PostHog users vulnerable to SSRF — posthog 4.8 Medium2023-12-01
CVE-2023-49094 Symbolicator Server Side Request Forgery vulnerability — symbolicator 4.3 Medium2023-11-30
CVE-2023-6070 Trellix Enterprise Security Manager 代码问题漏洞 — Trellix Enterprise Security Manager (ESM) 4.3 Medium2023-11-29
CVE-2023-48711 Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser — google-translate-api-browser 3.7 Low2023-11-24
CVE-2023-27451 WordPress Instant Images Plugin <= 5.1.0.2 is vulnerable to Server Side Request Forgery (SSRF) — Instant Images 7.2 High2023-11-22
CVE-2023-48307 Nextcloud Mail app vulnerable to Server-Side Request Forgery — security-advisories 3.5 Low2023-11-21
CVE-2023-48306 Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF — security-advisories 5.0 Medium2023-11-21
CVE-2023-6199 Book Stack v23.10.2 - LFR via Blind SSRF — BookStack 6.5 Medium2023-11-20
CVE-2023-6124 Server-Side Request Forgery (SSRF) in salesagility/suitecrm — salesagility/suitecrm 6.5 -2023-11-14
CVE-2022-45835 WordPress PhonePe Payment Solutions Plugin <= 1.0.15 is vulnerable to Server Side Request Forgery (SSRF) — PhonePe Payment Solutions 5.8 Medium2023-11-13
CVE-2023-23684 WordPress WPGraphQL Plugin <= 1.14.5 is vulnerable to Server Side Request Forgery (SSRF) — WPGraphQL 4.4 Medium2023-11-13
CVE-2023-23800 WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Server Side Request Forgery (SSRF) — WP Shortcodes Plugin — Shortcodes Ultimate 7.1 High2023-11-13
CVE-2023-46207 WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.6 is vulnerable to Server Side Request Forgery (SSRF) — Motors – Car Dealer, Classifieds & Listing 4.1 Medium2023-11-13
CVE-2023-41239 WordPress PowerPress Podcasting Plugin <= 11.0.6 is vulnerable to Server Side Request Forgery (SSRF) — PowerPress Podcasting plugin by Blubrry 6.4 Medium2023-11-13
CVE-2023-37978 WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Server Side Request Forgery (SSRF) — HTTP Headers 4.4 Medium2023-11-13
CVE-2023-38515 WordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF) — Church Admin 5.5 Medium2023-11-13
CVE-2023-34013 WordPress Poll Maker Plugin <= 4.6.2 is vulnerable to Server Side Request Forgery (SSRF) — Poll Maker – Best WordPress Poll Plugin 4.4 Medium2023-11-13
CVE-2023-31219 WordPress Download Monitor Plugin <= 4.8.1 is vulnerable to Server Side Request Forgery (SSRF) — Download Monitor 4.1 Medium2023-11-13
CVE-2023-47121 Discourse SSRF vulnerability in Embedding — discourse 3.4 Low2023-11-10
CVE-2023-46729 Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint — sentry-javascript 9.3 Critical2023-11-10
CVE-2023-46730 Server-Side Request Forgery in groupoffice — groupoffice 7.4 High2023-11-07
CVE-2022-3172 Kubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF) — kube-apiserver 5.1 Medium2023-11-03
CVE-2023-39301 QTS, QuTS hero, QuTScloud — QTS 4.3 Medium2023-11-03
CVE-2023-4769 Server-Side Request Forgery in ManageEngine Desktop Central — Desktop Central 6.6 Medium2023-11-03
CVE-2023-35896 IBM Content Navigator server-side request forgery — Content Navigator 5.4 Medium2023-11-03
CVE-2023-46725 FoodCoopShop Server-Side Request Forgery vulnerability — foodcoopshop 8.1 High2023-11-02

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.