Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4652 vulnerabilities reference this CWE, most recent first.

GHSA-Q82G-X6MC-4MXR

Vulnerability from github – Published: 2025-10-15 09:30 – Updated: 2025-10-15 09:30
VLAI
Details

The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-15T09:15:37Z",
    "severity": "MODERATE"
  },
  "details": "The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the \u201cCheck Website\u201d task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
  "id": "GHSA-q82g-x6mc-4mxr",
  "modified": "2025-10-15T09:30:17Z",
  "published": "2025-10-15T09:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10056"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/task-scheduler"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5211437-9c6d-435f-a7f2-17ed754d0fab?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q862-GCGQ-5M6G

Vulnerability from github – Published: 2026-05-19 14:44 – Updated: 2026-06-09 11:56
VLAI
Summary
HAXcms createSite SSRF Enables Arbitrary File Read
Details

Summary

An authenticated Server-Side Request Forgery (SSRF) vulnerability in HAXcms allows users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and internal network access.

Details

The createSite endpoint in HAXcms (v11.0.6) accepts a build.files parameter that allows an authenticated user to supply arbitrary URLs or local file paths. This input is processed without validation and ultimately fetched server-side using file_get_contents().

The data flow is as follows: - User input (build.files) is processed via object_to_array() into a PHP array
- Assigned to $filesToDownload in Operations.php (line 2626)
- Iterated over in Operations.php (line 2730), where each entry is passed to HAXCMSFile::save() with bulk-import enabled

In HAXCMSFile.php (line 30), the following occurs:

file_get_contents($upload['tmp_name']);

Here, tmp_name is attacker-controlled and may contain:

  • External URLs (http://attacker.com)
  • Internal services (http://127.0.0.1)
  • Cloud metadata endpoints (http://169.254.169.254)
  • Local file paths (/etc/passwd, /proc/self/environ)

The bulk-import flag bypasses is_uploaded_file() validation, which normally ensures the file originates from a legitimate upload. The only restriction is an extension whitelist based on the filename (array key), which is fully attacker-controlled.

There are no restrictions on:

  • URL schemes (http, file, gopher, etc.)
  • Destination IP ranges (internal, loopback, metadata services)
  • Response content

All fetched content is written to:

sites/<sitename>/files/<filename>

and is accessible via the web.

PoC

Prerequisites:

  • Authenticated session (default credentials: admin/admin on fresh installs)
  • Valid JWT and CSRF token

Step 1: Log in and capture JWT + CSRF token

Step 2: Send crafted request:

POST /createSite HTTP/1.1
Host: target
Authorization: Bearer [JWT]
X-CSRF-Token: [TOKEN]
Content-Type: application/json

{
  "site": {
    "name": "poc"
  },
  "build": {
    "files": {
      "poc.txt": {
        "tmp_name": "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
      }
    }
  }
}

Step 3: Retrieve response:

GET /sites/poc/files/poc.txt

The response will contain the fetched content (e.g., cloud credentials or internal service data).

Impact

  • SSRF enabling access to internal network services
  • Arbitrary file read via local filesystem paths
  • Cloud credential exposure through metadata endpoints
  • Data exfiltration via web-accessible file storage

Any authenticated user can exploit this to access sensitive server or infrastructure data, potentially leading to full system or cloud environment compromise.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 25.0.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@haxtheweb/haxcms-nodejs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-19T14:44:20Z",
    "nvd_published_at": "2026-06-05T19:16:33Z",
    "severity": "HIGH"
  },
  "details": "### Summary  \nAn authenticated Server-Side Request Forgery (SSRF) vulnerability in HAXcms allows users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and internal network access.\n\n### Details  \nThe `createSite` endpoint in HAXcms (v11.0.6) accepts a `build.files` parameter that allows an authenticated user to supply arbitrary URLs or local file paths. This input is processed without validation and ultimately fetched server-side using `file_get_contents()`.\n\nThe data flow is as follows:\n- User input (`build.files`) is processed via `object_to_array()` into a PHP array  \n- Assigned to `$filesToDownload` in `Operations.php` (line 2626)  \n- Iterated over in `Operations.php` (line 2730), where each entry is passed to `HAXCMSFile::save()` with bulk-import enabled  \n\nIn `HAXCMSFile.php` (line 30), the following occurs:\n```php\nfile_get_contents($upload[\u0027tmp_name\u0027]);\n```\n\nHere, tmp_name is attacker-controlled and may contain:\n\n- External URLs (`http://attacker.com`)\n- Internal services (`http://127.0.0.1`)\n- Cloud metadata endpoints (`http://169.254.169.254`)\n- Local file paths (`/etc/passwd`, `/proc/self/environ`)\n\nThe bulk-import flag bypasses `is_uploaded_file()` validation, which normally ensures the file originates from a legitimate upload. The only restriction is an extension whitelist based on the filename (array key), which is fully attacker-controlled.\n\nThere are no restrictions on:\n\n- URL schemes (`http`, `file`, `gopher`, etc.)\n- Destination IP ranges (internal, loopback, metadata services)\n- Response content\n\nAll fetched content is written to:\n```\nsites/\u003csitename\u003e/files/\u003cfilename\u003e\n```\nand is accessible via the web.\n\n### PoC\nPrerequisites:\n\n- Authenticated session (default credentials: `admin/admin` on fresh installs)\n- Valid JWT and CSRF token\n\nStep 1: Log in and capture JWT + CSRF token\n\nStep 2: Send crafted request:\n```\nPOST /createSite HTTP/1.1\nHost: target\nAuthorization: Bearer [JWT]\nX-CSRF-Token: [TOKEN]\nContent-Type: application/json\n\n{\n  \"site\": {\n    \"name\": \"poc\"\n  },\n  \"build\": {\n    \"files\": {\n      \"poc.txt\": {\n        \"tmp_name\": \"http://169.254.169.254/latest/meta-data/iam/security-credentials/\"\n      }\n    }\n  }\n}\n```\n\nStep 3: Retrieve response:\n```\nGET /sites/poc/files/poc.txt\n```\n\nThe response will contain the fetched content (e.g., cloud credentials or internal service data).\n\n### Impact\n\n- SSRF enabling access to internal network services\n- Arbitrary file read via local filesystem paths\n- Cloud credential exposure through metadata endpoints\n- Data exfiltration via web-accessible file storage\n\nAny authenticated user can exploit this to access sensitive server or infrastructure data, potentially leading to full system or cloud environment compromise.",
  "id": "GHSA-q862-gcgq-5m6g",
  "modified": "2026-06-09T11:56:33Z",
  "published": "2026-05-19T14:44:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/haxtheweb/issues/security/advisories/GHSA-q862-gcgq-5m6g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46393"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/haxtheweb/issues"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "HAXcms createSite SSRF Enables Arbitrary File Read"
}

GHSA-Q8CG-HW7C-28QG

Vulnerability from github – Published: 2026-04-08 21:33 – Updated: 2026-04-08 21:33
VLAI
Details

A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulation of the argument Query results in server-side request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is named 54f8f50f43af97c334a881af7b021e84b5b8310f. It is suggested to install a patch to address this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T21:17:01Z",
    "severity": "MODERATE"
  },
  "details": "A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulation of the argument Query results in server-side request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is named 54f8f50f43af97c334a881af7b021e84b5b8310f. It is suggested to install a patch to address this issue.",
  "id": "GHSA-q8cg-hw7c-28qg",
  "modified": "2026-04-08T21:33:34Z",
  "published": "2026-04-08T21:33:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BruceJqs/public_exp/issues/3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bigsk1/openai-realtime-ui/issues/1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bigsk1/openai-realtime-ui/pull/2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bigsk1/openai-realtime-ui/commit/54f8f50f43af97c334a881af7b021e84b5b8310f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bigsk1/openai-realtime-ui"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/786984"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/356242"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/356242/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q8F9-449C-RF6M

Vulnerability from github – Published: 2024-12-06 21:30 – Updated: 2024-12-06 21:30
VLAI
Details

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48874"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-06T19:15:12Z",
    "severity": "CRITICAL"
  },
  "details": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie\u0027s proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.",
  "id": "GHSA-q8f9-449c-rf6m",
  "modified": "2024-12-06T21:30:39Z",
  "published": "2024-12-06T21:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48874"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q8FH-WR43-3MGC

Vulnerability from github – Published: 2025-08-06 15:31 – Updated: 2025-08-06 21:31
VLAI
Details

MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_auth($pic, 1) function, which utilizes a hard-coded key Mc_Encryption_Key (bD2voYwPpNuJ7B8), defined in the db.php file. The decrypted URL is passed to the geturl() method, which uses cURL to make a request to the URL without proper security checks. An attacker can craft a malicious encrypted pic parameter, which, when decrypted, points to internal addresses or local file paths (such as http://127.0.0.1 or file://). By using the file:// protocol, the attacker can access arbitrary files on the local file system (e.g., file:///etc/passwd, file:///C:/Windows/System32/drivers/etc/hosts), allowing them to read sensitive configuration files, log files, and more, leading to information leakage or system exposure. The danger of this SSRF vulnerability includes accessing internal services and local file systems through protocols like http://, ftp://, and file://, which can result in sensitive data leakage, remote code execution, privilege escalation, or full system compromise, severely affecting the system's security and stability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-50234"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-06T15:15:32Z",
    "severity": "MODERATE"
  },
  "details": "MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\\apps\\controllers\\api\\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_auth($pic, 1) function, which utilizes a hard-coded key Mc_Encryption_Key (bD2voYwPpNuJ7B8), defined in the db.php file. The decrypted URL is passed to the geturl() method, which uses cURL to make a request to the URL without proper security checks. An attacker can craft a malicious encrypted pic parameter, which, when decrypted, points to internal addresses or local file paths (such as http://127.0.0.1 or file://). By using the file:// protocol, the attacker can access arbitrary files on the local file system (e.g., file:///etc/passwd, file:///C:/Windows/System32/drivers/etc/hosts), allowing them to read sensitive configuration files, log files, and more, leading to information leakage or system exposure. The danger of this SSRF vulnerability includes accessing internal services and local file systems through protocols like http://, ftp://, and file://, which can result in sensitive data leakage, remote code execution, privilege escalation, or full system compromise, severely affecting the system\u0027s security and stability.",
  "id": "GHSA-q8fh-wr43-3mgc",
  "modified": "2025-08-06T21:31:39Z",
  "published": "2025-08-06T15:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50234"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xiaoyangsec/mccms/blob/main/MCCMS-SSRF.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q8GH-G2X4-X4CM

Vulnerability from github – Published: 2024-05-14 21:34 – Updated: 2024-12-09 15:31
VLAI
Details

In WhatsUp Gold versions released before 2023.1.2 ,

an SSRF vulnerability exists in Whatsup Gold's

Issue exists in the HTTP Monitoring functionality. 

Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4562"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T21:15:13Z",
    "severity": "MODERATE"
  },
  "details": "\nIn WhatsUp Gold versions released before 2023.1.2 , \n\nan SSRF vulnerability exists in Whatsup Gold\u0027s \n\nIssue exists in the HTTP Monitoring functionality.\u00a0 \n\nDue to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.\n\n",
  "id": "GHSA-q8gh-g2x4-x4cm",
  "modified": "2024-12-09T15:31:32Z",
  "published": "2024-05-14T21:34:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4562"
    },
    {
      "type": "WEB",
      "url": "https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2"
    },
    {
      "type": "WEB",
      "url": "https://www.progress.com/network-monitoring"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q97G-C29H-X2P7

Vulnerability from github – Published: 2024-03-14 20:37 – Updated: 2024-03-14 20:37
VLAI
Summary
Whoogle Search Path Traversal vulnerability
Details

Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled src_type and element_url variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "whoogle-search"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-22203"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-14T20:37:57Z",
    "nvd_published_at": "2024-01-23T18:15:18Z",
    "severity": "CRITICAL"
  },
  "details": "Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4.",
  "id": "GHSA-q97g-c29h-x2p7",
  "modified": "2024-03-14T20:37:58Z",
  "published": "2024-03-14T20:37:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22203"
    },
    {
      "type": "WEB",
      "url": "https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/benbusby/whoogle-search"
    },
    {
      "type": "WEB",
      "url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343"
    },
    {
      "type": "WEB",
      "url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L465-L490"
    },
    {
      "type": "WEB",
      "url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L466"
    },
    {
      "type": "WEB",
      "url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L476"
    },
    {
      "type": "WEB",
      "url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/whoogle-search/PYSEC-2024-20.yaml"
    },
    {
      "type": "ADVISORY",
      "url": "https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Whoogle Search Path Traversal vulnerability"
}

GHSA-Q994-GG9F-3G56

Vulnerability from github – Published: 2022-05-14 02:46 – Updated: 2025-10-22 00:31
VLAI
Details

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-3718"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-05T18:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.",
  "id": "GHSA-q994-gg9f-3g56",
  "modified": "2025-10-22T00:31:14Z",
  "published": "2022-05-14T02:46:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3718"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2016:0726"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2016-3718"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332802"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201611-21"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3718"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39767"
    },
    {
      "type": "WEB",
      "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
    },
    {
      "type": "WEB",
      "url": "https://www.imagemagick.org/script/changelog.php"
    },
    {
      "type": "WEB",
      "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3580"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2990-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q9M9-PCC5-V5HF

Vulnerability from github – Published: 2024-10-31 21:31 – Updated: 2025-06-12 18:31
VLAI
Details

Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48360"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-31T20:15:05Z",
    "severity": "HIGH"
  },
  "details": "Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.",
  "id": "GHSA-q9m9-pcc5-v5hf",
  "modified": "2025-06-12T18:31:07Z",
  "published": "2024-10-31T21:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48360"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenXP-Research/CVE-2024-48360"
    },
    {
      "type": "WEB",
      "url": "https://www.qualitor.com.br/official-security-advisory-cve-2024-48360"
    },
    {
      "type": "WEB",
      "url": "https://www.qualitor.com.br/qualitor-8-20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q9PW-VMHH-384G

Vulnerability from github – Published: 2026-05-06 22:08 – Updated: 2026-05-12 13:33
VLAI
Summary
PraisonAI has an SSRF bypass
Details

Summary

The URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks.

Details

The current PraisonAI project uses _validate_url to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by urlparse to prevent SSRF attacks.

QQ20260424-151256-24-1

However, there are indeed differences in parsing between urlparse and the library that actually sends the request. Currently, almost all application scenarios in this project involve first using _validate_url for URL validation, and then using _get_session().get to send the request.

QQ20260424-151437-24-2

In reality, its underlying mechanism is requests.get.

QQ20260424-151645-24-3

The core issue: urlparse() and requests disagree on which host a URL like http://127.0.0.1:6666\@1.1.1.1 points to:

  • urlparse() treats \ as a regular character and @ as the userinfo-host delimiter, so it extracts hostname as 1.1.1.1 (public)
  • requests treats \ as a path character, connecting to 127.0.0.1 (internal)

Below is a test code I wrote following the code.

import sys
from pathlib import Path
from pprint import pprint

sys.path.insert(0, str(Path(r"D:/BaiduNetdiskDownload/PraisonAI-main/PraisonAI-main/src/praisonai-agents")))

from praisonaiagents.tools import spider_tools

# url = "http://127.0.0.1:6666\@1.1.1.1"
url = "http://127.0.0.1:6666"

result = spider_tools.scrape_page(url)

if isinstance(result, dict) and "error" in result:
    print("scrape failed:", result["error"])
else:
    pprint(result)

When an attacker uses http://127.0.0.1:6666/, the existing detection logic can detect that this is an internal network address and block it.

QQ20260424-152007-24-4

However, when an attacker uses http://127.0.0.1:6666\@1.1.1.1, the detection logic resolves the host to 1.1.1.1, which is a public IP address, thus passing the verification. But in the actual request process, this URL is forwarded by requests.get to http://127.0.0.1:6666, bypassing the detection and achieving an SSRF attack.

QQ20260424-152123-24-5

PoC

http://127.0.0.1:6666\@1.1.1.1

Impact

SSRF

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.6.31"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "praisonaiagents"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44335"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T22:08:11Z",
    "nvd_published_at": "2026-05-08T14:16:46Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nThe URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks.\n\n### Details\nThe current PraisonAI project uses _validate_url to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by urlparse to prevent SSRF attacks.\n\n\u003cimg width=\"1290\" height=\"1145\" alt=\"QQ20260424-151256-24-1\" src=\"https://github.com/user-attachments/assets/d5f16b74-5ad2-444f-8600-b05f78a4b769\" /\u003e\n\nHowever, there are indeed differences in parsing between urlparse and the library that actually sends the request. Currently, almost all application scenarios in this project involve first using _validate_url for URL validation, and then using _get_session().get to send the request.\n\n\u003cimg width=\"1143\" height=\"740\" alt=\"QQ20260424-151437-24-2\" src=\"https://github.com/user-attachments/assets/b1bf6ec2-d32a-4dac-b814-da819e8d3c83\" /\u003e\n\nIn reality, its underlying mechanism is requests.get.\n\n\u003cimg width=\"1042\" height=\"576\" alt=\"QQ20260424-151645-24-3\" src=\"https://github.com/user-attachments/assets/e17352c3-4205-44d6-ab6e-75566480215b\" /\u003e\n\nThe core issue:\u00a0`urlparse()`\u00a0and\u00a0`requests`\u00a0disagree on which host a URL like\u00a0`http://127.0.0.1:6666\\@1.1.1.1`\u00a0points to:\n\n- `urlparse()`\u00a0treats\u00a0`\\`\u00a0as a regular character and\u00a0`@`\u00a0as the userinfo-host delimiter, so it extracts hostname as\u00a0`1.1.1.1`\u00a0(public)\n- `requests`\u00a0treats\u00a0`\\`\u00a0as a path character, connecting to\u00a0`127.0.0.1`\u00a0(internal)\n\nBelow is a test code I wrote following the code.\n\n```\nimport sys\nfrom pathlib import Path\nfrom pprint import pprint\n\nsys.path.insert(0, str(Path(r\"D:/BaiduNetdiskDownload/PraisonAI-main/PraisonAI-main/src/praisonai-agents\")))\n\nfrom praisonaiagents.tools import spider_tools\n\n# url = \"http://127.0.0.1:6666\\@1.1.1.1\"\nurl = \"http://127.0.0.1:6666\"\n\nresult = spider_tools.scrape_page(url)\n\nif isinstance(result, dict) and \"error\" in result:\n    print(\"scrape failed:\", result[\"error\"])\nelse:\n    pprint(result)\n```\nWhen an attacker uses `http://127.0.0.1:6666/`, the existing detection logic can detect that this is an internal network address and block it.\n\n\u003cimg width=\"1068\" height=\"128\" alt=\"QQ20260424-152007-24-4\" src=\"https://github.com/user-attachments/assets/294bff10-2af6-4960-bf69-dbf3340b1e9b\" /\u003e\n\nHowever, when an attacker uses `http://127.0.0.1:6666\\@1.1.1.1`, the detection logic resolves the host to `1.1.1.1`, which is a public IP address, thus passing the verification. But in the actual request process, this URL is forwarded by requests.get to `http://127.0.0.1:6666`, bypassing the detection and achieving an SSRF attack.\n\n\u003cimg width=\"2089\" height=\"324\" alt=\"QQ20260424-152123-24-5\" src=\"https://github.com/user-attachments/assets/4421ce42-e47b-48de-a97a-56ce56a2bbc9\" /\u003e\n\n### PoC\n```\nhttp://127.0.0.1:6666\\@1.1.1.1\n```\n\n### Impact\nSSRF",
  "id": "GHSA-q9pw-vmhh-384g",
  "modified": "2026-05-12T13:33:12Z",
  "published": "2026-05-06T22:08:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q9pw-vmhh-384g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44335"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MervinPraison/PraisonAI"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "PraisonAI has an SSRF bypass"
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.