Vulnerabilities > Server-Side Request Forgery (SSRF)

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2017-07-17 | CVE-2017-1000017 | Server-Side Request Forgery (SSRF) vulnerability in phpMyAdmin | phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server | phpmyadmin | CWE-918 | network, low complexity, 8.8 |
| 2017-07-06 | CVE-2017-10973 | Server-Side Request Forgery (SSRF) vulnerability in Finecms Project Finecms | In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. | finecms-project | CWE-918 | network, low complexity, 6.5 |
| 2017-06-30 | CVE-2017-6036 | Server-Side Request Forgery (SSRF) vulnerability in Belden Hirschmann Gecko Lite Managed Switch Firmware | A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. | belden-hirschmann | CWE-918 | network, low complexity, 6.5 |
| 2017-06-07 | CVE-2017-9355 | Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.1 | XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. | subsonic | CWE-918 | network, low complexity, 7.4 |
| 2017-05-31 | CVE-2017-9307 | Server-Side Request Forgery (SSRF) vulnerability in Allen Disk Project Allen Disk 1.6 | SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | allen-disk-project | CWE-918 | network, low complexity, 6.5 |
| 2017-05-18 | CVE-2017-9066 | Server-Side Request Forgery (SSRF) vulnerability in multiple products | In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | wordpress, debian | CWE-918 | network, low complexity, 8.6 |
| 2017-05-05 | CVE-2017-8794 | Server-Side Request Forgery (SSRF) vulnerability in Accellion File Transfer Appliance 80540/911200/911210 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. | accellion | CWE-918 | network, low complexity, critical, 10.0 |
| 2017-04-24 | CVE-2017-3546 | Server-Side Request Forgery (SSRF) vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55 | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). | oracle | CWE-918 | network, low complexity, 6.5 |
| 2017-04-24 | CVE-2015-7570 | Server-Side Request Forgery (SSRF) vulnerability in Yeager CMS 1.2.1 | Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php. | yeager | CWE-918 | network, low complexity, 7.2 |
| 2017-04-14 | CVE-2016-7051 | Server-Side Request Forgery (SSRF) vulnerability in Fasterxml Jackson-Dataformat-Xml | XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. | fasterxml | CWE-918 | network, low complexity, 8.6 |