server-side request forgery vulnerabilities and exploits
4
CVSSv2
CVE-2017-7566
MyBB prior to 1.8.11 allows remote malicious users to bypass an SSRF protection mechanism.
Mybb Mybb
7.5
CVSSv2
CVE-2017-14323
SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote malicious users to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.
Onethink Onethink 1.1
Onethink Onethink 1.0
7.5
CVSSv2
CVE-2020-24881
SSRF exists in osTicket prior to 1.14.3, where an attacker can add a malicious file to the server or perform port scanning.
Osticket Osticket
NA
CVE-2017-7727
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none
5
CVSSv2
CVE-2019-12632
A vulnerability in Cisco Finesse could allow an unauthenticated, remote malicious user to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-sup...
Cisco Finesse 11.6(1)
Cisco Finesse 12.5(1)
Cisco Finesse 12.0(1)
4
CVSSv2
CVE-2017-15639
tasks/feed/readRSS.cfm in Mura CMS prior to 6.2 allows malicious users to bypass intended access restrictions by leveraging the "draggable feeds" feature.
Getmura Mura Cms
1 EDB exploit
7.5
CVSSv2
CVE-2018-14728
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
Tecrail Responsive Filemanager 9.13.1
5
CVSSv2
CVE-2014-9302
Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and previous versions allows remote malicious users to trigger outbound requests via a crafted URI in the url para...
Alfresco Community Edition
1 EDB exploit
NA
CVE-2023-32750
Pydio Cells up to and including 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send an HTTP GET request to a specified URL and sa...
Pydio Cells
6.4
CVSSv2
CVE-2018-9920
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.
K2 Smartforms 4.6.11