Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-19 | CVE-2018-10220 | Server-Side Request Forgery (SSRF) vulnerability in Mushmush Glastopf 3.1.3 Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. | 8.8 |
| 2018-04-10 | CVE-2017-14611 | Server-Side Request Forgery (SSRF) vulnerability in Agentejo Cockpit 0.13.0 SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. | 9.1 |
| 2018-04-10 | CVE-2017-14323 | Server-Side Request Forgery (SSRF) vulnerability in Onethink 1.0/1.1 SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter. | 9.8 |
| 2018-04-04 | CVE-2017-18096 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Application Links The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. | 7.2 |
| 2018-03-30 | CVE-2017-16614 | Server-Side Request Forgery (SSRF) vulnerability in Tp-Shop Tpshop 2.0.5/2.0.6 SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter. | 9.8 |
| 2018-03-23 | CVE-2018-1000138 | Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I Librarian I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. | 9.1 |
| 2018-03-22 | CVE-2018-7516 | Server-Side Request Forgery (SSRF) vulnerability in Geutebrueck G-Cam/Efd-2250 Firmware and Topfd-2125 Firmware A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. | 7.3 |
| 2018-03-20 | CVE-2014-3990 | Server-Side Request Forgery (SSRF) vulnerability in Opencart The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | 9.8 |
| 2018-03-13 | CVE-2018-1000124 | Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I, Librarian I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. | 10.0 |
| 2018-03-05 | CVE-2018-7667 | Server-Side Request Forgery (SSRF) vulnerability in Adminer Adminer through 4.3.1 has SSRF via the server parameter. | 9.8 |