Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-20 | CVE-2021-22255 | Server-Side Request Forgery (SSRF) vulnerability in Baserow SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address. | 4.0 |
2021-08-16 | CVE-2021-37711 | Server-Side Request Forgery (SSRF) vulnerability in Shopware Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. | 6.5 |
2021-08-13 | CVE-2021-37353 | Server-Side Request Forgery (SSRF) vulnerability in Nagios XI Docker Wizard Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. | 7.5 |
2021-08-05 | CVE-2021-32603 | Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests. | 4.0 |
2021-08-02 | CVE-2021-24371 | Server-Side Request Forgery (SSRF) vulnerability in Carrcommunications Rsvpmaker The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. | 2.7 |
2021-08-02 | CVE-2021-24472 | Server-Side Request Forgery (SSRF) vulnerability in Qantumthemes Kentharadio and Onair2 The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website. | 7.5 |
2021-07-30 | CVE-2021-20788 | Server-Side Request Forgery (SSRF) vulnerability in Groupsession products Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server. | 4.0 |
2021-07-28 | CVE-2020-4974 | Server-Side Request Forgery (SSRF) vulnerability in IBM products IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). | 6.5 |
2021-07-22 | CVE-2021-26699 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite 7.10.3/7.10.4 OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. | 5.8 |
2021-07-21 | CVE-2021-22726 | Server-Side Request Forgery (SSRF) vulnerability in Schneider-Electric products A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to perform unintended actions or access to data when crafted malicious parameters are submitted to the charging station web server. | 5.5 |