VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base | Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 7 of 80
  • CVE-2016-7051 | High | Apr 14, 2017
    risk 0.56 | CVSS 8.6 | EPSS 0.02

    XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.

  • CVE-2017-7569 | High | Apr 6, 2017
    risk 0.56 | CVSS 8.6 | EPSS 0.01

    In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.

  • CVE-2016-6621 | High | Jan 31, 2017
    risk 0.56 | CVSS 8.6 | EPSS 0.02

    The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

  • CVE-2016-9752 | High | Dec 1, 2016
    risk 0.56 | CVSS 8.6 | EPSS 0.01

    In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

  • CVE-2016-7964 | High | Oct 31, 2016
    risk 0.56 | CVSS 8.6 | EPSS 0.02

    The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8,…

  • CVE-2016-4029 | High | Aug 7, 2016
    risk 0.56 | CVSS 8.6 | EPSS 0.05

    WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.

  • CVE-2026-41461 | High | Apr 23, 2026
    risk 0.55 | CVSS 8.5 | EPSS 0.00

    SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated…

  • CVE-2026-35548 | High | Apr 22, 2026
    risk 0.55 | CVSS 8.5 | EPSS 0.00

    An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing…

  • CVE-2026-38527 | High | Apr 14, 2026
    risk 0.55 | CVSS 8.5 | EPSS 0.00

    A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.

  • CVE-2026-5936 | High | Apr 13, 2026
    risk 0.55 | CVSS 8.5 | EPSS 0.00

    An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata…

  • CVE-2026-30232 | Critical | Apr 10, 2026
    risk 0.55 | CVSS 9.6 | EPSS 0.00

    Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using…

  • CVE-2026-31818 | Critical | Apr 3, 2026
    risk 0.55 | CVSS 9.6 | EPSS 0.00

    Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism (IP blacklist) is rendered completely ineffective because the…

  • CVE-2026-2274 | High | Feb 19, 2026
    risk 0.55 | CVSS (not listed) | EPSS 0.00

    A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This…

  • CVE-2024-4404 | High | Jun 14, 2024
    risk 0.55 | CVSS 8.5 | EPSS 0.00

    The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary…

  • CVE-2024-5031 | High | May 22, 2024
    risk 0.55 | CVSS 8.5 | EPSS 0.00

    The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web…

  • CVE-2023-6964 | High | Apr 9, 2024
    risk 0.55 | CVSS 8.5 | EPSS 0.00

    The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_get_new_connection_data' AJAX action. This makes it possible for authenticated…

  • CVE-2023-1895 | High | Jun 9, 2023
    risk 0.55 | CVSS 8.5 | EPSS 0.01

    The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web…

  • CVE-2022-3708 | Critical | Oct 28, 2022
    risk 0.55 | CVSS 9.6 | EPSS 0.01

    The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for…

  • CVE-2018-1789 | High | Sep 7, 2018
    risk 0.55 | CVSS 8.4 | EPSS 0.01

    IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

  • CVE-2026-11424 | High | Jun 5, 2026
    risk 0.54 | CVSS (not listed) | EPSS 0.00

    A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request…
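
Several entries above describe the same failure: the fetcher checks the destination with a weaker parser than the HTTP client uses (shorthand, octal and hex IPv4 literals in the CVE-2016-9752 and CVE-2016-4029 entries), follows a 30x redirect without re-checking (CVE-2016-9752), or never restricts private ranges at all (CVE-2016-7964). The following destination guard is an added example written for this page; it is not code from VYPR or from any listed project. It parses IPv4 literals with inet_aton semantics so the check sees what the client will connect to, unwraps IPv4-mapped IPv6, classifies every resolved address, and re-validates each redirect hop. The resolver and HTTP client are injected and the sample DNS table, host names and fake client below are constructed for the offline demo.

```python
"""SSRF destination guard (added example, not from any listed project)."""
import ipaddress
import re
from urllib.parse import urljoin, urlsplit

# ipaddress flags loopback, RFC 1918, link-local (incl. 169.254.169.254),
# multicast and reserved; CGNAT is not covered by is_private, so add it.
EXTRA_BLOCKED = [ipaddress.ip_network("100.64.0.0/10")]

# one dotted part: hex (0x..), octal (leading 0) or decimal
_PART = re.compile(r"^(0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*)$", re.IGNORECASE)


def parse_legacy_ipv4(text):
    """Parse an IPv4 literal the way inet_aton does: 1..4 parts, each hex,
    octal or decimal, the last part filling the remaining bytes. A libc-based
    client reads "127.1" or "0x7f.0.0.1" this way, so a validator that only
    understands dotted decimal is bypassed. Returns IPv4Address or None."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for p in parts:
        if not _PART.match(p):
            return None
        if p.lower().startswith("0x"):
            values.append(int(p, 16))
        elif len(p) > 1 and p.startswith("0"):
            values.append(int(p, 8))
        else:
            values.append(int(p, 10))
    *head, last = values
    width = 5 - len(parts)                       # bytes the last part spans
    if any(v > 255 for v in head) or last >= 256 ** width:
        return None
    number = 0
    for v in head:
        number = (number << 8) | v
    return ipaddress.IPv4Address((number << (8 * width)) | last)


def is_blocked_address(addr):
    """True if an outbound fetch must not reach addr. IPv4-mapped IPv6 is
    unwrapped first so ::ffff:127.0.0.1 is judged as 127.0.0.1."""
    if isinstance(addr, str):
        addr = ipaddress.ip_address(addr)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or any(addr in net for net in EXTRA_BLOCKED))


def destination_addresses(url, resolve):
    """Addresses a client would connect to for url; ValueError if the URL must
    not be fetched at all. resolve(host) returns a list of address strings."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed: %r" % parts.scheme)
    host = parts.hostname                        # lower-cased, brackets stripped
    if not host or parts.username is not None or parts.password is not None:
        raise ValueError("missing host or embedded credentials: %r" % url)
    literal = parse_legacy_ipv4(host)
    if literal is None:
        try:
            literal = ipaddress.ip_address(host)  # IPv6 literal
        except ValueError:
            literal = None
    if literal is not None:
        return {literal}
    addrs = {ipaddress.ip_address(a) for a in resolve(host)}
    if not addrs:
        raise ValueError("host does not resolve: %r" % host)
    return addrs


def is_safe_url(url, resolve):
    """Caveat: connect to the address checked here (pin it into the client);
    otherwise DNS rebinding turns the check into a time-of-check/use race."""
    try:
        return not any(is_blocked_address(a) for a in destination_addresses(url, resolve))
    except ValueError:
        return False


def fetch_with_checked_redirects(url, resolve, http_get, max_hops=5):
    """Follow redirects by hand so every hop is re-validated. http_get(url)
    must not follow redirects itself; it returns (status, headers, body)
    with lower-case header names."""
    for _ in range(max_hops + 1):
        if not is_safe_url(url, resolve):
            raise ValueError("blocked destination: %s" % url)
        status, headers, body = http_get(url)
        if status in (301, 302, 303, 307, 308) and headers.get("location"):
            url = urljoin(url, headers["location"])  # checked on the next pass
            continue
        return status, body
    raise ValueError("too many redirects from %s" % url)


# Constructed fixtures for the offline demo (hypothetical hosts, not real).
SAMPLE_DNS = {"intranet.example": ["10.0.0.5"], "www.example": ["93.184.216.34"]}


def sample_resolver(host):
    return SAMPLE_DNS.get(host, [])


def sample_http_get(url):
    """Fake client: /go redirects to the loopback shorthand an attacker uses."""
    if url == "https://www.example/go":
        return 302, {"location": "http://127.1/admin"}, b""
    return 200, {}, b"ok"


if __name__ == "__main__":
    for u in ("http://127.1/", "http://0x7f.0.0.1/", "http://2130706433/",
              "http://[::ffff:169.254.169.254]/", "http://intranet.example/",
              "https://www.example/page", "http://user@www.example/"):
        print("%-38s %s" % (u, "ALLOW" if is_safe_url(u, sample_resolver) else "BLOCK"))
    try:
        fetch_with_checked_redirects("https://www.example/go", sample_resolver, sample_http_get)
    except ValueError as err:
        print("redirect hop rejected:", err)
```

The guard does not cover every encoding an HTTP client may accept (percent-encoded hosts, IDN, 6to4 or Teredo-wrapped IPv6), and a denylist of the kind several entries above call an "IP blacklist" stays only as good as the parser in front of it; an allowlist of expected destinations is the stronger design where the feature permits it.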