Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-11 | CVE-2017-11148 | Server-Side Request Forgery (SSRF) vulnerability in Synology Chat Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | 6.5 |
| 2017-07-17 | CVE-2017-1000017 | Server-Side Request Forgery (SSRF) vulnerability in PHPmyadmin phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server | 8.8 |
| 2017-07-06 | CVE-2017-10973 | Server-Side Request Forgery (SSRF) vulnerability in Finecms Project Finecms In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. | 6.5 |
| 2017-06-30 | CVE-2017-6036 | Server-Side Request Forgery (SSRF) vulnerability in Belden Hirschmann Gecko Lite Managed Switch Firmware A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. | 6.5 |
| 2017-06-07 | CVE-2017-9355 | Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.1 XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. | 7.4 |
| 2017-05-31 | CVE-2017-9307 | Server-Side Request Forgery (SSRF) vulnerability in Allen Disk Project Allen Disk 1.6 SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | 6.5 |
| 2017-05-18 | CVE-2017-9066 | Server-Side Request Forgery (SSRF) vulnerability in multiple products In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | 8.6 |
| 2017-05-05 | CVE-2017-8794 | Server-Side Request Forgery (SSRF) vulnerability in Accellion File Transfer Appliance 80540/911200/911210 An issue was discovered on Accellion FTA devices before FTA_9_12_180. | 10.0 |
| 2017-04-24 | CVE-2017-3546 | Server-Side Request Forgery (SSRF) vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). | 6.5 |
| 2017-04-24 | CVE-2015-7570 | Server-Side Request Forgery (SSRF) vulnerability in Yeager CMS 1.2.1 Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php. | 7.2 |