Total: 1256 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-24815 | 1 Microstrategy | 1 Microstrategy | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: for 10.4, no fix will be released, as that version will reach end-of-life on 31/12/2020. | |||||
CVE-2020-24710 | 1 Getgophish | 1 Gophish | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Gophish before 0.11.0 allows SSRF attacks. | |||||
CVE-2020-24700 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring. | |||||
CVE-2020-24641 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface. | |||||
CVE-2020-24570 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link. | |||||
CVE-2020-24548 | 1 Ericom | 1 Access Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports. | |||||
CVE-2020-24444 | 1 Adobe | 1 Experience Manager Forms Add-on | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network. | |||||
CVE-2020-24327 | 1 Discourse | 1 Discourse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites. | |||||
CVE-2020-24149 | 1 Secondline | 1 Podcast Importer Secondline | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page. | |||||
CVE-2020-24148 | 1 Mooveagency | 1 Import Xml And Rss Feeds | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. | |||||
CVE-2020-24147 | 1 Xylusthemes | 1 Wp Smart Import | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | |||||
CVE-2020-24142 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hosts and execute commands on services. | |||||
CVE-2020-24141 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute commands on services. | |||||
CVE-2020-24140 | 1 Wcms | 1 Wcms | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute commands on local services. | |||||
CVE-2020-24139 | 1 Wcms | 1 Wcms | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute commands on local services. | |||||
CVE-2020-24063 | 1 Canto | 1 Canto | 2024-11-21 | 5.0 MEDIUM | 7.2 HIGH |
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. | |||||
CVE-2020-23776 | 1 Winmail Project | 1 Winmail | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request. | |||||
CVE-2020-23622 | 1 Cling Project | 1 Cling | 2024-11-21 | N/A | 7.5 HIGH |
An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header. | |||||
CVE-2020-23534 | 1 Masterlab | 1 Masterlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter. | |||||
CVE-2020-23079 | 1 Halo | 1 Halo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can be used to detect the server's intranet. |