CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4606 vulnerabilities reference this CWE, most recent first.
GHSA-XFHG-3GVJ-W3C9
Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
{
"affected": [],
"aliases": [
"CVE-2017-12071"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-08T14:29:00Z",
"severity": "MODERATE"
},
"details": "Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.",
"id": "GHSA-xfhg-3gvj-w3c9",
"modified": "2022-05-13T01:38:15Z",
"published": "2022-05-13T01:38:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12071"
},
{
"type": "WEB",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_35_PhotoStation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XFMF-HV5J-W87J
Vulnerability from github – Published: 2026-04-08 09:31 – Updated: 2026-04-14 18:30Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
{
"affected": [],
"aliases": [
"CVE-2026-39464"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-08T09:16:21Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.19.8.",
"id": "GHSA-xfmf-hv5j-w87j",
"modified": "2026-04-14T18:30:28Z",
"published": "2026-04-08T09:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39464"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordpress-coming-soon-page-under-construction-maintenance-mode-by-seedprod-plugin-6-19-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XFQ4-7GV9-V3W5
Vulnerability from github – Published: 2025-10-21 00:30 – Updated: 2025-10-21 00:30The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
{
"affected": [],
"aliases": [
"CVE-2025-11536"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-20T22:15:36Z",
"severity": "MODERATE"
},
"details": "The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
"id": "GHSA-xfq4-7gv9-v3w5",
"modified": "2025-10-21T00:30:25Z",
"published": "2025-10-21T00:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11536"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/8.2.4/includes/setup-wizard/init.php#L420"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97c100c3-8a96-4198-b38a-206268ff20ec?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XFQR-CG7J-569J
Vulnerability from github – Published: 2026-03-25 21:30 – Updated: 2026-03-25 21:30IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
{
"affected": [],
"aliases": [
"CVE-2026-1015"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T21:16:28Z",
"severity": "MODERATE"
},
"details": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.",
"id": "GHSA-xfqr-cg7j-569j",
"modified": "2026-03-25T21:30:36Z",
"published": "2026-03-25T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1015"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7266740"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XG73-5HQJ-7HWG
Vulnerability from github – Published: 2025-08-09 21:30 – Updated: 2025-08-09 21:30A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en&nv=upload of the component Module Handler. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-8772"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-09T20:15:25Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en\u0026nv=upload of the component Module Handler. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-xg73-5hqj-7hwg",
"modified": "2025-08-09T21:30:23Z",
"published": "2025-08-09T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8772"
},
{
"type": "WEB",
"url": "https://hkohi.ca/vulnerability/19"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.319295"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.319295"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.624976"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XG77-2M7H-4885
Vulnerability from github – Published: 2025-05-27 18:30 – Updated: 2025-05-29 21:31maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.
{
"affected": [],
"aliases": [
"CVE-2025-45475"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-27T18:15:31Z",
"severity": "MODERATE"
},
"details": "maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.",
"id": "GHSA-xg77-2m7h-4885",
"modified": "2025-05-29T21:31:37Z",
"published": "2025-05-27T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45475"
},
{
"type": "WEB",
"url": "https://www.yuque.com/morysummer/vx41bz/dzidfm8vn2h5k1lb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-XG8C-MW7J-WCV9
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2021-23029"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-14T23:15:00Z",
"severity": "HIGH"
},
"details": "On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-xg8c-mw7j-wcv9",
"modified": "2022-05-24T19:14:48Z",
"published": "2022-05-24T19:14:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23029"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K52420610"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XG93-7QJ8-C5VG
Vulnerability from github – Published: 2023-06-08 21:30 – Updated: 2024-04-04 04:40An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
{
"affected": [],
"aliases": [
"CVE-2023-34959"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-08T19:15:10Z",
"severity": "MODERATE"
},
"details": "An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.",
"id": "GHSA-xg93-7qj8-c5vg",
"modified": "2024-04-04T04:40:47Z",
"published": "2023-06-08T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34959"
},
{
"type": "WEB",
"url": "https://github.com/chamilo/chamilo-lms/commit/cc278f01864948b1fb160e03f0a3dc0875d5f81f"
},
{
"type": "WEB",
"url": "https://github.com/chamilo/chamilo-lms/commit/ea5791ff8ce6ea45148a171b0da5348a7c415e6f"
},
{
"type": "WEB",
"url": "https://github.com/chamilo/chamilo-lms/commit/ed946908fef23e8aa4cefc28f745f3cd6710099f"
},
{
"type": "WEB",
"url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-111-2023-04-20-Moderate-impact-Low-risk-Multiple-blind-SSRF-in-links-and-social-tools"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XGC5-WM9V-RQR3
Vulnerability from github – Published: 2024-12-13 15:30 – Updated: 2026-04-01 18:32Server-Side Request Forgery (SSRF) vulnerability in Hep Hep Hurra (HHH) Hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through 2.4.
{
"affected": [],
"aliases": [
"CVE-2024-54330"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-13T15:15:40Z",
"severity": "HIGH"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Hep Hep Hurra (HHH) Hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through 2.4.",
"id": "GHSA-xgc5-wm9v-rqr3",
"modified": "2026-04-01T18:32:46Z",
"published": "2024-12-13T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54330"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/hurrakify/vulnerability/wordpress-hurrakify-plugin-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XGCH-X3MX-CM3C
Vulnerability from github – Published: 2026-07-15 21:58 – Updated: 2026-07-15 21:58The privateNetworks blocklist was found to be missing newly added CIDR ranges. More specifically, the following CIDR ranges were not being blocked:
- 64:ff9b:1::/48: NAT64 local-use prefix (RFC 8215)
- 5f00::/16: Segment Routing (SRv6) SIDs (RFC 9602)
- 3fff::/20: documentation prefix (RFC 9637)
- 100:0:0:1::/64: Dummy IPv6 Prefix (RFC 9780)
Impact
If exploited, an attacker would potentially be able to reach resources hosted on the IPs residing in the missing ranges.
Workarounds
Disable IPv6 by setting EnableIPv6(false). This is the default behavior of the library.
Resolution
Upgrade to v0.2.4
Credits
safeurl thanks @tonghuaroot for reporting.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/doyensec/safeurl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54452"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-15T21:58:03Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "The `privateNetworks` blocklist was found to be missing newly added CIDR ranges. More specifically, the following CIDR ranges were not being blocked:\n- `64:ff9b:1::/48`: NAT64 local-use prefix (RFC 8215)\n- `5f00::/16`: Segment Routing (SRv6) SIDs (RFC 9602)\n- `3fff::/20`: documentation prefix (RFC 9637)\n- `100:0:0:1::/64`: Dummy IPv6 Prefix (RFC 9780)\n\n### Impact\nIf exploited, an attacker would potentially be able to reach resources hosted on the IPs residing in the missing ranges.\n\n### Workarounds\nDisable IPv6 by setting `EnableIPv6(false)`. This is the default behavior of the library.\n\n### Resolution\nUpgrade to v0.2.4\n\n### Credits\nsafeurl thanks @tonghuaroot for reporting.",
"id": "GHSA-xgch-x3mx-cm3c",
"modified": "2026-07-15T21:58:03Z",
"published": "2026-07-15T21:58:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/doyensec/safeurl/security/advisories/GHSA-xgch-x3mx-cm3c"
},
{
"type": "PACKAGE",
"url": "https://github.com/doyensec/safeurl"
},
{
"type": "WEB",
"url": "https://github.com/doyensec/safeurl/releases/tag/v0.2.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "safeurl is Missing IPv6 CIDR Ranges in Blocklist"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.