Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-20 | CVE-2020-35313 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3 A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | 9.8 |
2021-04-14 | CVE-2021-28060 | Server-Side Request Forgery (SSRF) vulnerability in Group-Office Group Office 6.4.196 A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. | 5.3 |
2021-04-13 | CVE-2021-27905 | Server-Side Request Forgery (SSRF) vulnerability in Apache Solr The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. | 9.8 |
2021-04-12 | CVE-2021-29357 | Server-Side Request Forgery (SSRF) vulnerability in Outsystems products The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests. | 8.6 |
2021-04-08 | CVE-2021-20480 | Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). | 6.5 |
2021-04-07 | CVE-2020-24140 | Server-Side Request Forgery (SSRF) vulnerability in Wcms 0.3.2 Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. | 8.3 |
2021-04-07 | CVE-2020-24139 | Server-Side Request Forgery (SSRF) vulnerability in Wcms 0.3.2 Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. | 8.3 |
2021-04-05 | CVE-2021-24150 | Server-Side Request Forgery (SSRF) vulnerability in Likebtn-Like-Button Project Likebtn-Like-Button The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF). | 7.5 |
2021-04-02 | CVE-2021-28941 | Server-Side Request Forgery (SSRF) vulnerability in Magpierss Project Magpierss 0.72 Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use an https request. | 5.3 |
2021-04-02 | CVE-2021-22696 | Server-Side Request Forgery (SSRF) vulnerability in multiple products CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). | 7.5 |