Description

Server-Side Request Forgery (SSRF) vulnerability allows an attacker to perform local and/or remote network requests while impersonating the target server. Using this vulnerability, Invicti was able to access the target's localhost service.

Remediation

Properly sanitize user input.

References

What is Server Side Request Forgery (SSRF)?

SSRF VS. BUSINESS-CRITICAL APPLICATIONS

Related Vulnerabilities

Oracle Weblogic T3 XXE (CVE-2019-2888)

WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5)

WordPress 3.7.4 Multiple Vulnerabilities (3.7 - 3.7.4)

WordPress Plugin Telefication Server-Side Request Forgery (1.8.0)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.8)

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H

Tags

SSRF