CWE-918 (Server-Side Request Forgery (SSRF)): Vulnerability Class, 1540 CVEs

1540 vulnerabilities are classified as CWE-918 (Server-Side Request Forgery (SSRF)). An AI-generated Chinese-language analysis is included.

CWE-918, Server-Side Request Forgery (SSRF), is a critical web security weakness in which an application lets users specify URLs that the server then fetches without adequately validating the destination. Attackers typically exploit it by manipulating input parameters so that the server accesses internal resources, such as cloud metadata services or local network endpoints, that are not reachable from outside. This bypasses perimeter defenses and can lead to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation so that only allowlisted domains and protocols are permitted. In addition, network-level controls such as firewalls that restrict outbound connections from the application server, together with isolating internal services from public-facing interfaces, significantly reduce the attack surface and prevent unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
Confidentiality: Read Application Data
Integrity: Execute Unauthorized Code or Commands
Access Control: Bypass Protection Mechanism

By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.

Bad · PHP

    $url = $_GET['url']; # User-controlled input
    # Fetch the content of the provided URL
    $response = file_get_contents($url);
    echo $response;

Good · PHP

    # Define allowed URLs (or domains)
    $allowed_urls = [
        'https://example.com/data.json',
        'https://api.example.com/info',
    ];

    # Get the user-provided URL
    $url = $_GET['url'] ?? '';

    # Validate against allowed URLs (strict comparison: exact string match only)
    if (!in_array($url, $allowed_urls, true)) {
        http_response_code(400);
        echo "Invalid or unauthorized URL.";
        exit;
    }

    # Fetch content safely
    $response = @file_get_contents($url);
    if ($response === false) {
        http_response_code(500);
        echo "Failed to fetch content.";
        exit;
    }

    echo htmlspecialchars($response); # Escape output for safety
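The exact-match allowlist above is the simplest safe form. Most real applications need to allow a set of hosts rather than a handful of fixed URLs, and then the checks the summary paragraph calls for (allowed protocols and domains) have to be applied to the parsed URL rather than to the raw string, and the name must be checked against the address it actually resolves to, since an allowlisted name can be pointed at an internal or metadata address. The following Python validator is an added example written for this page; it is not code from MITRE or from any of the listed products. The allowlist, the port policy and the `FAKE_DNS` table are constructed so the example runs offline; in a real service the `resolve` callback would wrap `socket.getaddrinfo()`.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed policy for this example (not taken from any real deployment).
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"example.com", "api.example.com",
                 "static.example.com", "assets.example.com"}
ALLOWED_PORTS = {80, 443}

# Constructed stand-in for DNS so the example runs offline. In production this
# is socket.getaddrinfo(); the address that passes the check must then be the
# one actually connected to, otherwise a second lookup reopens the
# DNS-rebinding window.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "api.example.com": ["93.184.216.35", "2606:2800:220:1:248:1893:25c8:1946"],
    # Allowlisted name whose record points at the cloud metadata address:
    # matching on the name alone would let this through.
    "static.example.com": ["169.254.169.254"],
    # Dual record where one address is IPv6 link-local; every address must pass.
    "assets.example.com": ["93.184.216.36", "fe80::1"],
}

# RFC 6598 shared address space (carrier-grade NAT) is not covered by
# ipaddress.is_private in older Python versions, so it is listed explicitly.
EXTRA_BLOCKED = [ipaddress.ip_network("100.64.0.0/10")]


class UrlRejected(ValueError):
    """Raised with a short reason when a URL fails the outbound policy."""


def is_public_address(ip_text):
    """True only for addresses that are neither internal, loopback, link-local,
    multicast, reserved nor unspecified (IPv4-mapped IPv6 is unwrapped first)."""
    addr = ipaddress.ip_address(ip_text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 must be judged as 10.0.0.1
    if (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified):
        return False
    return not any(addr in net for net in EXTRA_BLOCKED)


def validate_outbound_url(url, resolve=lambda host: FAKE_DNS.get(host, [])):
    """Return (host, port, addresses) for a URL the server may fetch,
    or raise UrlRejected with the reason."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UrlRejected("scheme not allowed")
    if parts.username is not None or parts.password is not None:
        # 'https://example.com@10.0.0.1/' has host 10.0.0.1, not example.com.
        raise UrlRejected("userinfo in URL")
    # .hostname is lowercased and has IPv6 brackets stripped; drop a trailing dot.
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        raise UrlRejected("host not in allowlist")
    try:
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        raise UrlRejected("malformed port") from None
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        raise UrlRejected("port not allowed")
    addresses = resolve(host)
    if not addresses:
        raise UrlRejected("host does not resolve")
    for ip in addresses:
        if not is_public_address(ip):
            raise UrlRejected(f"{host} resolves to non-public address {ip}")
    return host, port, addresses


def screen(url):
    """Convenience wrapper returning 'ok' or 'rejected: <reason>'."""
    try:
        validate_outbound_url(url)
    except UrlRejected as exc:
        return f"rejected: {exc}"
    return "ok"


if __name__ == "__main__":
    for candidate in ["https://api.example.com/info", "http://example.com:8080/x",
                      "file:///etc/passwd", "https://example.com@10.0.0.1/",
                      "https://static.example.com/", "https://assets.example.com/",
                      "https://[::1]/"]:
        print(f"{candidate:40} {screen(candidate)}")
```

The validator rejects before it fetches, and it rejects on any non-public address in the record set rather than on the first public one; both choices keep a single DNS answer from turning an allowlisted name into a path to the metadata service or a loopback port. It does not follow redirects, so the HTTP client used afterwards must either disable redirects or re-run this check on every hop.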
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2022-1977 | WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF | Import Export All WordPress Images, Users & Post Types | 6.5 | - | 2022-06-27
CVE-2022-23080 | directus - SSRF which leads to internal port scan | directus | 5.0 | - | 2022-06-22
CVE-2022-23071 | Recipes - SSRF on Import | recipes | 6.5 | - | 2022-06-19
CVE-2022-29612 | SAP Host Agent code issue vulnerability | SAP NetWeaver, ABAP Platform and SAP Host Agent | - | - | 2022-06-14
CVE-2022-28217 | SAP NetWeaver code issue vulnerability | SAP NetWeaver (EP Web Page Composer) | 6.5 | - | 2022-06-13
CVE-2022-24969 | bypass of CVE-2021-25640 | Apache Dubbo | 6.1 | - | 2022-06-06
CVE-2022-1285 | Server-Side Request Forgery (SSRF) in gogs/gogs | gogs/gogs | 8.2 | - | 2022-06-01
CVE-2021-40186 | DNN CMS Server-Side Request Forgery (SSRF) | DNN Platform | 6.5 | Medium | 2022-05-31
CVE-2022-29188 | Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen | smokescreen | 5.3 | Medium | 2022-05-20
CVE-2022-1784 | Server-Side Request Forgery (SSRF) in jgraph/drawio | jgraph/drawio | 7.5 | - | 2022-05-20
CVE-2022-1767 | Server-Side Request Forgery (SSRF) in jgraph/drawio | jgraph/drawio | 7.5 | - | 2022-05-18
CVE-2022-24856 | Server-Side Request Forgery in FlyteConsole | flyteconsole | 9.1 | Critical | 2022-05-17
CVE-2022-1711 | Server-Side Request Forgery (SSRF) in jgraph/drawio | jgraph/drawio | 7.5 | - | 2022-05-17
CVE-2022-1723 | Server-Side Request Forgery (SSRF) in jgraph/drawio | jgraph/drawio | 7.5 | - | 2022-05-17
CVE-2022-1713 | SSRF on /proxy in jgraph/drawio | jgraph/drawio | 7.5 | - | 2022-05-16
CVE-2022-1722 | SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio | jgraph/drawio | 6.2 | - | 2022-05-16
CVE-2022-1398 | External Media without Import <= 1.1.2 - Subscriber+ Blind SSRF | External Media without Import | 6.5 | - | 2022-05-16
CVE-2022-1386 | Fusion Builder < 3.6.2 - Unauthenticated SSRF | Fusion Builder | 9.1 | - | 2022-05-16
CVE-2022-1379 | URL Restriction Bypass in plantuml/plantuml | plantuml/plantuml | 10.0 | - | 2022-05-14
CVE-2022-29180 | Charm vulnerable to server-side request forgery (SSRF) | charm | 5.9 | Medium | 2022-05-07
CVE-2022-1592 | Server-Side Request Forgery in scout in clinical-genomics/scout | clinical-genomics/scout | 8.2 | - | 2022-05-05
CVE-2022-1239 | HubSpot < 8.8.15 - Contributor+ Blind SSRF | HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics | 8.1 | - | 2022-05-02
CVE-2021-36203 | Johnson Controls Metasys SCT Pro | Metasys System Configuration Tool (SCT) | 5.3 | Medium | 2022-04-22
CVE-2022-24871 | Server-Side Request Forgery (SSRF) in Shopware | platform | 7.2 | High | 2022-04-20
CVE-2022-24862 | Server-Side Request Forgery in Databasir | databasir | 7.7 | High | 2022-04-20
CVE-2022-24825 | Smokescreen SSRF via deny list bypass | smokescreen | 5.8 | Medium | 2022-04-19
CVE-2022-1037 | EXMAGE < 1.0.7 - Admin+ Blind SSRF | EXMAGE – WordPress Image Links | 8.8 | - | 2022-04-18
CVE-2021-36202 | Metasys UI | Metasys | 8.4 | High | 2022-04-07
CVE-2022-1213 | SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat | livehelperchat/livehelperchat | 8.1 | - | 2022-04-05
CVE-2022-0990 | Server-Side Request Forgery (SSRF) in janeczku/calibre-web | janeczku/calibre-web | 9.4 | - | 2022-04-04

Vulnerabilities classified as CWE-918 (Server-Side Request Forgery (SSRF)) account for 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.