Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-04-25 | CVE-2018-8801 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab | GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. | 6.5 |
2018-04-20 | CVE-2018-10174 | Server-Side Request Forgery (SSRF) vulnerability in Digitalguardian Management Console 7.1.2.0015 | Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. | 6.5 |
2018-04-19 | CVE-2018-10220 | Server-Side Request Forgery (SSRF) vulnerability in Mushmush Glastopf 3.1.3 | Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. | 8.8 |
2018-04-10 | CVE-2017-14611 | Server-Side Request Forgery (SSRF) vulnerability in Agentejo Cockpit 0.13.0 | SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. | 9.1 |
2018-04-10 | CVE-2017-14323 | Server-Side Request Forgery (SSRF) vulnerability in Onethink 1.0/1.1 | SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter. | 9.8 |
2018-04-04 | CVE-2017-18096 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Application Links | The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. | 7.2 |
2018-03-30 | CVE-2017-16614 | Server-Side Request Forgery (SSRF) vulnerability in Tp-Shop Tpshop 2.0.5/2.0.6 | SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter. | 9.8 |
2018-03-23 | CVE-2018-1000138 | Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I Librarian | I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. | 9.1 |
2018-03-22 | CVE-2018-7516 | Server-Side Request Forgery (SSRF) vulnerability in Geutebrueck G-Cam/Efd-2250 Firmware and Topfd-2125 Firmware | A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans. | 7.3 |
2018-03-20 | CVE-2014-3990 | Server-Side Request Forgery (SSRF) vulnerability in Opencart | The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request. | 9.8 |