Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
server-side request forgery vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-24881
SSRF exists in osTicket prior to 1.14.3, where an attacker can add malicious file to server or perform port scanning.
Osticket Osticket
4
CVSSv2
CVE-2017-7566
MyBB prior to 1.8.11 allows remote malicious users to bypass an SSRF protection mechanism.
Mybb Mybb
NA
CVE-2017-7727
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none
7.5
CVSSv2
CVE-2017-14323
SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote malicious users to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.
Onethink Onethink 1.1
Onethink Onethink 1.0
5
CVSSv2
CVE-2019-12632
A vulnerability in Cisco Finesse could allow an unauthenticated, remote malicious user to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-sup...
Cisco Finesse 11.6\\(1\\)
Cisco Finesse 12.5\\(1\\)
Cisco Finesse 12.0\\(1\\)
NA
CVE-2023-32750
Pydio Cells up to and including 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and sa...
Pydio Cells
6.4
CVSSv2
CVE-2018-9920
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.
K2 Smartforms 4.6.11
4
CVSSv2
CVE-2022-28117
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote malicious users to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
Naviwebs Navigate Cms 2.9.4
2 Github repositories
NA
CVE-2022-36551
A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and previous versions allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these vers...
Heartex Label Studio
7.5
CVSSv2
CVE-2018-14728
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
Tecrail Responsive Filemanager 9.13.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »