Total: 1279 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-24141 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2024-08-04 | 5.3 Medium |
Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute commands on services. | ||||
CVE-2020-24149 | 1 Secondline | 1 Podcast Importer Secondline | 2024-08-04 | 7.5 High |
Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page. | ||||
CVE-2020-24148 | 1 Mooveagency | 1 Import Xml And Rss Feeds | 2024-08-04 | 9.1 Critical |
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. | ||||
CVE-2020-24140 | 1 Wcms | 1 Wcms | 2024-08-04 | 8.3 High |
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute commands on local services. | ||||
CVE-2020-24063 | 1 Canto | 1 Canto | 2024-08-04 | 7.2 High |
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. | ||||
CVE-2020-24142 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2024-08-04 | 9.8 Critical |
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hosts and execute commands on services. | ||||
CVE-2020-24147 | 1 Xylusthemes | 1 Wp Smart Import | 2024-08-04 | 9.1 Critical |
Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | ||||
CVE-2020-24139 | 1 Wcms | 1 Wcms | 2024-08-04 | 8.3 High |
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute commands on local services. | ||||
CVE-2020-23776 | 1 Winmail Project | 1 Winmail | 2024-08-04 | 7.5 High |
An SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request. | ||||
CVE-2020-23534 | 1 Masterlab | 1 Masterlab | 2024-08-04 | 9.8 Critical |
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter. | ||||
CVE-2020-23079 | 1 Halo | 1 Halo | 2024-08-04 | 7.5 High |
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | ||||
CVE-2020-22983 | 1 Microstrategy | 1 Microstrategy Web | 2024-08-04 | 8.1 High |
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier that allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. | ||||
CVE-2020-22002 | 1 Inim | 12 Smartliving 10100l, Smartliving 10100l Firmware, Smartliving 10100lg3 and 9 more | 2024-08-04 | 7.5 High |
An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user-supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. | ||||
CVE-2020-21788 | 1 Crmeb | 1 Crmeb | 2024-08-04 | 4.3 Medium |
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF (Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php. | ||||
CVE-2020-21653 | 1 Myucms Project | 1 Myucms | 2024-08-04 | 9.1 Critical |
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method. | ||||
CVE-2020-21649 | 1 Myucms Project | 1 Myucms | 2024-08-04 | 8.1 High |
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. | ||||
CVE-2020-21122 | 1 Ureport Project | 1 Ureport | 2024-08-04 | 5.3 Medium |
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. | ||||
CVE-2020-20582 | 1 Mipcms | 1 Mipcms | 2024-08-04 | 7.5 High |
A server-side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information. | ||||
CVE-2020-16248 | 1 Prometheus | 1 Blackbox Exporter | 2024-08-04 | 5.8 Medium |
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability. | ||||
CVE-2020-20341 | 1 Yzmcms | 1 Yzmcms | 2024-08-04 | 7.5 High |
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. |