Description

Server-Side Request Forgery (SSRF) vulnerability allows an attacker to perform local and/or remote network requests while impersonating the target server. Using this vulnerability, Acunetix was able to access the target's cloud metadata

Remediation

Properly sanitize user input.

References

What is Server Side Request Forgery (SSRF)?

SSRF VS. BUSINESS-CRITICAL APPLICATIONS

Related Vulnerabilities

Adminer Server Side Request Forgery (SSRF)

Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33926)

Oracle E-Business Suite SSRF (CVE-2018-3167)

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Server-Side Request Forgery (1.0.95)

WordPress Plugin Like Button Rating-LikeBtn Server-Side Request Forgery (2.6.31)

Severity

Critical

Classification

CWE-918 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

SSRF