Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4606 vulnerabilities reference this CWE, most recent first.

GHSA-XFHG-3GVJ-W3C9

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38
VLAI
Details

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12071"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-08T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.",
  "id": "GHSA-xfhg-3gvj-w3c9",
  "modified": "2022-05-13T01:38:15Z",
  "published": "2022-05-13T01:38:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12071"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_35_PhotoStation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XFMF-HV5J-W87J

Vulnerability from github – Published: 2026-04-08 09:31 – Updated: 2026-04-14 18:30
VLAI
Details

Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-39464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T09:16:21Z",
    "severity": "MODERATE"
  },
  "details": "Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.19.8.",
  "id": "GHSA-xfmf-hv5j-w87j",
  "modified": "2026-04-14T18:30:28Z",
  "published": "2026-04-08T09:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39464"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordpress-coming-soon-page-under-construction-maintenance-mode-by-seedprod-plugin-6-19-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XFQ4-7GV9-V3W5

Vulnerability from github – Published: 2025-10-21 00:30 – Updated: 2025-10-21 00:30
VLAI
Details

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-20T22:15:36Z",
    "severity": "MODERATE"
  },
  "details": "The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
  "id": "GHSA-xfq4-7gv9-v3w5",
  "modified": "2025-10-21T00:30:25Z",
  "published": "2025-10-21T00:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11536"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/8.2.4/includes/setup-wizard/init.php#L420"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97c100c3-8a96-4198-b38a-206268ff20ec?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XFQR-CG7J-569J

Vulnerability from github – Published: 2026-03-25 21:30 – Updated: 2026-03-25 21:30
VLAI
Details

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1015"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T21:16:28Z",
    "severity": "MODERATE"
  },
  "details": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.",
  "id": "GHSA-xfqr-cg7j-569j",
  "modified": "2026-03-25T21:30:36Z",
  "published": "2026-03-25T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1015"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7266740"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XG73-5HQJ-7HWG

Vulnerability from github – Published: 2025-08-09 21:30 – Updated: 2025-08-09 21:30
VLAI
Details

A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en&nv=upload of the component Module Handler. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-09T20:15:25Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en\u0026nv=upload of the component Module Handler. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-xg73-5hqj-7hwg",
  "modified": "2025-08-09T21:30:23Z",
  "published": "2025-08-09T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8772"
    },
    {
      "type": "WEB",
      "url": "https://hkohi.ca/vulnerability/19"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.319295"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.319295"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.624976"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XG77-2M7H-4885

Vulnerability from github – Published: 2025-05-27 18:30 – Updated: 2025-05-29 21:31
VLAI
Details

maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-45475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-27T18:15:31Z",
    "severity": "MODERATE"
  },
  "details": "maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.",
  "id": "GHSA-xg77-2m7h-4885",
  "modified": "2025-05-29T21:31:37Z",
  "published": "2025-05-27T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45475"
    },
    {
      "type": "WEB",
      "url": "https://www.yuque.com/morysummer/vx41bz/dzidfm8vn2h5k1lb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XG8C-MW7J-WCV9

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14
VLAI
Details

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-23029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-14T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-xg8c-mw7j-wcv9",
  "modified": "2022-05-24T19:14:48Z",
  "published": "2022-05-24T19:14:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23029"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K52420610"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-XG93-7QJ8-C5VG

Vulnerability from github – Published: 2023-06-08 21:30 – Updated: 2024-04-04 04:40
VLAI
Details

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34959"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-08T19:15:10Z",
    "severity": "MODERATE"
  },
  "details": "An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.",
  "id": "GHSA-xg93-7qj8-c5vg",
  "modified": "2024-04-04T04:40:47Z",
  "published": "2023-06-08T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34959"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chamilo/chamilo-lms/commit/cc278f01864948b1fb160e03f0a3dc0875d5f81f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chamilo/chamilo-lms/commit/ea5791ff8ce6ea45148a171b0da5348a7c415e6f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chamilo/chamilo-lms/commit/ed946908fef23e8aa4cefc28f745f3cd6710099f"
    },
    {
      "type": "WEB",
      "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-111-2023-04-20-Moderate-impact-Low-risk-Multiple-blind-SSRF-in-links-and-social-tools"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XGC5-WM9V-RQR3

Vulnerability from github – Published: 2024-12-13 15:30 – Updated: 2026-04-01 18:32
VLAI
Details

Server-Side Request Forgery (SSRF) vulnerability in Hep Hep Hurra (HHH) Hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through 2.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-54330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-13T15:15:40Z",
    "severity": "HIGH"
  },
  "details": "Server-Side Request Forgery (SSRF) vulnerability in Hep Hep Hurra (HHH) Hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through 2.4.",
  "id": "GHSA-xgc5-wm9v-rqr3",
  "modified": "2026-04-01T18:32:46Z",
  "published": "2024-12-13T15:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54330"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/hurrakify/vulnerability/wordpress-hurrakify-plugin-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XGCH-X3MX-CM3C

Vulnerability from github – Published: 2026-07-15 21:58 – Updated: 2026-07-15 21:58
VLAI
Summary
safeurl is Missing IPv6 CIDR Ranges in Blocklist
Details

The privateNetworks blocklist was found to be missing newly added CIDR ranges. More specifically, the following CIDR ranges were not being blocked: - 64:ff9b:1::/48: NAT64 local-use prefix (RFC 8215) - 5f00::/16: Segment Routing (SRv6) SIDs (RFC 9602) - 3fff::/20: documentation prefix (RFC 9637) - 100:0:0:1::/64: Dummy IPv6 Prefix (RFC 9780)

Impact

If exploited, an attacker would potentially be able to reach resources hosted on the IPs residing in the missing ranges.

Workarounds

Disable IPv6 by setting EnableIPv6(false). This is the default behavior of the library.

Resolution

Upgrade to v0.2.4

Credits

safeurl thanks @tonghuaroot for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/doyensec/safeurl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54452"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-15T21:58:03Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "The `privateNetworks` blocklist was found to be missing newly added CIDR ranges. More specifically, the following CIDR ranges were not being blocked:\n- `64:ff9b:1::/48`: NAT64 local-use prefix (RFC 8215)\n- `5f00::/16`: Segment Routing (SRv6) SIDs (RFC 9602)\n- `3fff::/20`: documentation prefix (RFC 9637)\n- `100:0:0:1::/64`: Dummy IPv6 Prefix (RFC 9780)\n\n### Impact\nIf exploited, an attacker would potentially be able to reach resources hosted on the IPs residing in the missing ranges.\n\n### Workarounds\nDisable IPv6 by setting `EnableIPv6(false)`. This is the default behavior of the library.\n\n### Resolution\nUpgrade to v0.2.4\n\n### Credits\nsafeurl thanks @tonghuaroot for reporting.",
  "id": "GHSA-xgch-x3mx-cm3c",
  "modified": "2026-07-15T21:58:03Z",
  "published": "2026-07-15T21:58:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/doyensec/safeurl/security/advisories/GHSA-xgch-x3mx-cm3c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/doyensec/safeurl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/doyensec/safeurl/releases/tag/v0.2.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "safeurl is Missing IPv6 CIDR Ranges in Blocklist"
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.