ByteOS Network

Vulnerability Details :

CVE-2024-50337

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-02 Mar, 2026 | 14:26

Updated At-02 Mar, 2026 | 19:32

Chamilo: Potential unauthenticated blind SSRF via openid function

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28.

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:GitHub_M

Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa

Published At:02 Mar, 2026 | 14:26

Updated At:02 Mar, 2026 | 19:32

▼CVE Numbering Authority (CNA)

Chamilo: Potential unauthenticated blind SSRF via openid function

Affected Products

Vendor

chamilo

Product

chamilo-lms

Versions

Affected

< 1.11.28

Problem Types

Type	CWE ID	Description
CWE	CWE-918	CWE-918: Server-Side Request Forgery (SSRF)

Type: CWE

CWE ID: CWE-918

Description: CWE-918: Server-Side Request Forgery (SSRF)

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

Hyperlink	Resource
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-rp2w-g734-jf8h	x_refsource_CONFIRM
https://github.com/chamilo/chamilo-lms/commit/43a9bd1fb8b3f57e7935a6a6bc48975e2063b01b	x_refsource_MISC
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.28	x_refsource_MISC

Hyperlink: https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-rp2w-g734-jf8h

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/chamilo/chamilo-lms/commit/43a9bd1fb8b3f57e7935a6a6bc48975e2063b01b

Resource:

x_refsource_MISC

Hyperlink: https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.28

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security-advisories@github.com

Published At:02 Mar, 2026 | 15:16

Updated At:02 Mar, 2026 | 15:16

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-918	Primary	security-advisories@github.com

CWE ID: CWE-918

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/chamilo/chamilo-lms/commit/43a9bd1fb8b3f57e7935a6a6bc48975e2063b01b	security-advisories@github.com	N/A
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.28	security-advisories@github.com	N/A
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-rp2w-g734-jf8h	security-advisories@github.com	N/A

Hyperlink: https://github.com/chamilo/chamilo-lms/commit/43a9bd1fb8b3f57e7935a6a6bc48975e2063b01b

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.28

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-rp2w-g734-jf8h

Source: security-advisories@github.com

Resource: N/A

Similar CVEs

111Records found

CVE-2024-1063

Matching Score-4

Assigner-Tenable Network Security, Inc.

View Details

Matching Score-4

Assigner-Tenable Network Security, Inc.

CVSS Score-5.3||MEDIUM

EPSS-0.08% / 23.27%

7 Day CHG~0.00%

Published-30 Jan, 2024 | 09:20

Updated-29 May, 2025 | 15:05

Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159.

Vendor-appwrite Appwrite

Product-appwrite Appwrite

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2020-6308

Matching Score-4

Assigner-SAP SE

View Details

Matching Score-4

Assigner-SAP SE

CVSS Score-5.3||MEDIUM

EPSS-82.06% / 99.19%

7 Day CHG~0.00%

Published-20 Oct, 2020 | 13:31

Updated-04 Aug, 2024 | 08:55

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.

Vendor-SAP SE

Product-businessobjects_business_intelligence_platform SAP BusinessObjects Business Intelligence Platform (Web Services)

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2025-0584

Matching Score-4

Assigner-TWCERT/CC

View Details

Matching Score-4

Assigner-TWCERT/CC

CVSS Score-5.3||MEDIUM

EPSS-0.03% / 7.29%

7 Day CHG-0.00%

Published-20 Jan, 2025 | 02:06

Updated-17 Nov, 2025 | 19:14

aEnrich Technology a+HRD - Server-Side Request Forgery (SSRF)

The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.

Vendor-Yukai Digital Technology (aEnrich)

Product-a\+hrd a+HRD

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2024-51980

Matching Score-4

Assigner-Rapid7, Inc.

View Details

Matching Score-4

Assigner-Rapid7, Inc.

CVSS Score-5.3||MEDIUM

EPSS-0.21% / 43.94%

7 Day CHG+0.02%

Published-25 Jun, 2025 | 07:22

Updated-26 Jun, 2025 | 18:58

Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The attacker can not control the data sent in the SSRF connection, nor can the attacker receive any data back. This SSRF is suitable for TCP port scanning of an internal network when the Web service (HTTP TCP port 80) is exposed across a network segment.

Vendor-Konica Minolta, Inc.Brother Industries, Ltd Toshiba Tec FUJIFILM Business Innovation Ricoh Company, Ltd.

Product-HL-L3210CW DCP-L2640DW MFC-L2690DW HL-L3295CDW TD-2320DSA MFC-L3745CDW DCP-T420W HL-J6010DW HL-EX470W HL-L8245CDW DCP-J572DW MFC-J893N MFC-J4440DW MFC-L2900DW DCP-L3528CDW MFC-L2886DW HL-L2386DW DCP-J4543N PT-E850TKW (for Vietnum)Apeos 4620 SX MFC-L8690CDW DCP-J982N-W/B HL-1210WE DocuPrint P118 w TD-2125N DocuPrint M265 z DocuPrint M115 z MFC-L5850DW DCP-T835DW HL-L5212DN MFC-T920DW DocuPrint M268 z DocuPrint M118 z MFC-J3530DW HL-L2370DWXL DocuPrint P378 d MFC-L2715DW(for Tiwan, Koria)MFC-J939DN DCP-T436W MFC-L2835DW MFC-L2922DW MFC-L2800DW DCP-L2660DW MFC-J4535DW(XL)HL-B2080DW MFC-J5830DW MFC-L6900DW MFC-L2765DW MFC-L2700DW(ASA)DCP-T820DW Apeos 4620 SZ PT-D800W MFC-J5335DW HL-L8260CDW HL-L6412DW DCP-L1632W Apeos 4620 SDF MFC-L2960DW DCP-L2508DW HL-L2460DW DCP-J772DW MFC-L3755CDW MFC-T930DW PT-E550W (for US, EU)MFC-1916NW HL-L2375DW MFC-L8610CDW DCP-1617NW PT-E550W (for Tiwan, Hongkong)MFC-4340DWE DocuPrint P360 dw HL-1212WE MFC-J5930DW MFC-EX670W DCP-J4140N PT-P950NW MFC-J5800CDW DCP-L8410CDW DCP-B7600DB MFC-J815DW XL DCP-B7638DN SP 230DNw DCP-L2640DN HL-L9430CDN DCP-L2647DW TD-2350DF MFC-J2340DW DCP-J928N-WB DCP-L3560CDW HL-L3300CDW MFC-L2701DW HL-J7010CDW RJ-4250WB HL-L5215DN HL-L5102DW MFC-J7300CDW e-STUDIO302DNF HL-L6300DWT TD-2130N DCP-T435W DCP-L5650DN MFC-L6810DW PJ-773 DocuPrint M375 z MFC-J2330DW MFC-1911NW MFC-L3750CDW MFC-L2760DW MFC-J4940DN PT-E550W (for Russia)PT-E800W MFC-L5710DN DCP-L1638W SP-1 HL-L6310DW DocuPrint P260 dw DCP-T535DW MFC-J998DN HL-5595DNH HL-L2390DW QL-1115NWB DCP-1612W MFC-8540DN DCP-L5600DN MFC-J998DWN TD-2135N DCP-7180DN MFC-J5945DW DCP-7190DN MFC-L5702DW HL-L2371DN RJ-3150Ai HL-L2365DW DocuPrint P268 d PT-E850TKW (for Tiwan)MFC-L6720DW MFC-J5955DW HL-L6250DN MFC-J1170DW MFC-J890DW MFC-L3730CDN MFC-L6902DW MFC-J5630CDW DCP-J1700DW DCP-L2531DW HL-L5050DN DCP-B7548W MFC-L9610CDN MFC-L6702DW DCP-J987N-B DCP-1618W HL-L5200DW DCP-T439W DocuPrint P268 dw HL-L5228DW MFC-9150CDN HL-L2461DN HL-L2395DW HL-L2365DWR MFC-J4540N DCP-J973N-W/B MFC-L8340CDW DCP-L2532DW RJ-2140 HL-L9470CDN DCP-B7520DW MFC-J4345DW XL DCP-B7648DW HL-L3220CWE QL-810Wc MFC-L3735CDN MFC-J7700CDW DCP-T825DW HL-L5100DN MFC-J898N HL-1212W bizhub 3000MF MFC-L2750DWR DocuPrint M260 z HL-L2357DW DocuPrint P375 dw HL-B2100DB DCP-L2540DNR HL-L8360CDWT HL-L2325DW RJ-3050Ai QL-1110NWBc MFC-L6820DW MFC-7890DN MFC-J1215W MFC-L5710DW MFC-L5902DW MFC-L2740DWR HL-1223WR DCP-L3555CDW DCP-T735DW MFC-J6945DW MFC-B7811DW RJ-2050 HL-L6410DN MFC-L5802DW HL-B2181DW MFC-L5912DW MFC-L5715DW MFC-J2740DW MFC-J805DW MFC-L2820DWXL HL-L8230CDW MFC-L2900DWXL MFC-J6980CDW DCP-J577N HL-L6415DW TD-2320D HL-L1230W DCP-T428W MFC-J6999CDW DCP-J981N DCP-L2551DW DocuPrint M378 d SP-1 (for Japan)DCP-J582N HL-L3240CDW MFC-J3540DW DocuPrint P285 dw DocuPrint P288 dw DCP-T525W DCP-J1203N HL-L2460DN DCP-T710W(for China)DCP-J1200W(XL)MFC-J4440N HL-L6415DWT MFC-J995DW TD-4420DNZ DCP-B7578DW MFC-J6930DW MFC-J904N HL-L6217DW MFC-L6800DW HL-L6202DW HL-L2460DWXL MFC-L2712DN DCP-L5602DN DCP-T725DW DocuPrint P235 d HL-2595DW HL-L2467DW HL-L2351DW MFC-L2740DW PT-E850TKW (for UAE)MFC-L2710DWR HL-5590DN MFC-J6583CDW DCP-T510W QL-1110NWB MFC-L2827DW TD-2350DSA DCP-L5518DN MFC-J1800DW QL-820NWB HL-L8260CDN DCP-1612WR DocuPrint M378 df HL-L2352DW MFC-T910DW MFC-J4443N DocuPrint P388 dw MFC-J6535DW DCP-J972N MFC-L5755DW DCP-T520W MFC-L2685DW MFC-L2730DN MFC-L2827DWXL HL-1223WE RJ-3050 bizhub 5020i HL-L2366DW TD-4420DN DCP-T425W DCP-J987N-W MFC-J5855DW XL MFC-J7500CDW DocuPrint M225 dw TD-2350D DCP-L2550DW(TWN)HL-L3280CDW MFC-J905N MFC-T925DW DocuPrint P275 dw MFC-L2862DW DCP-J914N MFC-L2771DW HL-L2440DW MFC-L6970DW MFC-J6995CDW MFC-L2980DW HL-L2370DW MFC-J4540DW(XL)DCP-L2535DW HL-L6210DW MFC-T4500DW MFC-L2770DW HL-L6402DW MFC-L9630CDN MFC-L5728DW DCP-L2520DWR DCP-L2551DN DCP-L2518DW HL-L2447DW MFC-J1605DN HL-1210W MFC-L2732DW DCP-L3550CDW MFC-J6957DW HL-L2420DW DCP-7189DW HL-L9410CDN DCP-L2530DW DCP-L1630W HL-L1238W MFC-L6750DW MFC-1910WE DCP-L3510CDW MFC-J995DW XL MFC-L6710DW MFC-J3930DW e-STUDIO301DN DCP-L2627DWE PT-E550W (for Vietnum)HL-L3290CDW DocuPrint M225 z DCP-L2548DW MFC-L5717DW HL-2569DW DCP-1610WR MFC-J5345DW DCP-T236 HL-B2150W DCP-C1210N MFC-J5740DW MFC-L2717DW MFC-L5750DW MFC-L5900DW DCP-L2550DN MFC-L3770CDW DCP-J1800DW HL-L5210DN MFC-J6947DW HL-EX415DW HL-J6000CDW DCP-L2560DWR HL-1212WR HL-L2405W HL-L6210DWT HL-L6400DW MFC-L2751DW FAX-L2710DN DCP-L2680DW MFC-L6912DW MFC-L2720DWR HL-L5212DW DCP-J978N-W/B MFC-B7800DN MFC-L8390CDW TD-2310D DCP-L2560DW HL-B2180DWB HL-1218W MFC-7880DN HL-3190CDW MFC-1910W DocuPrint M275 z MFC-J5845DW(XL)DCP-C421W DCP-9030CDN HL-L3288CDW MFC-J5340DW MFC-J6959DW MFC-7895DW ApeosPrint 4620 SDW MFC-L2807DW bizhub 4020i DCP-J526N MFC-1915W HL-L2370DN HL-L1808W MFC-L8610CDW(for Japan)DCP-L2600DW HL-B2158W MFC-T935DW MFC-L9635CDN DCP-L5660DN DCP-J915N DCP-L2627DWXL DCP-T830DW DocuPrint P378 dw DCP-L2550DW MFC-L6915DN CSP MFC-L2730DWR HL-1222WE MFC-J6530DW HL-B2180DW HL-L2376DW MFC-7889DW DCP-1612WE HL-L2380DW HL-L6200DW QL-820NWBc DCP-1623WR MFC-J5340DWE bizhub 5000i MFC-J1500N DCP-L5512DN NFC-J903N HL-B2188DW bizhub 3080MF MFC-L3740CDWE DCP-J1200WE MFC-B7810DWB MFC-J5730DW MFC-J690DW HL-L2350DW MFC-L2750DWXL HL-1210WR DCP-T226 MFC-L6915DN RJ-3150 MFC-L5915DW HL-L6418DW DCP-L5510DW MFC-L2885DW HL-L2425DW ADS-3000N TD-2350DFSA HL-L3270CDW MFC-L2730DW DCP-T710W HL-L3220CDW MFC-L2860DW DCP-T536DW DocuPrint M285 z HL-L6300DW MFC-L5800DW RJ-2150 HL-L6450DW DCP-L3520CDW MFC-L2817DW DCP-J528N MFC-L2710DN DCP-L2550DNR DocuPrint P385 dw MFC-EX910 DocuPrint P225 d MFC-L3740CDW DCP-L3515CDW MFC-L2820DW DCP-L1848W bizhub 4000i MFC-L5700DN DocuPrint M288 dw DocuPrint M385 z MFC-J939DWN DCP-L5510DN HL-L6400DWT PT-P750W DCP-B7658DW DocuPrint M375 df DCP-L2628DW M 340W MFC-L2860DWE MFC-J738DN HL-L2400DWE MFC-L2880DW DCP-L2605DW HL-L5210DWT MFC-L6950DW DCP-L2648DW DCP-J4143N MFC-L2680W HL-2590DN HL-L3220CW MFC-L3710CDW MFC-L2750DW MFC-B7720DN TD-4550DNWB MFC-T810W(for China)DCP-1610WE PT-E850TKW (for Thailand)HL-L2360DNR MFC-L2716DW PT-E550W (for Koria)HL-L6200DWT HL-L5100DNT DocuPrint P375 d DCP-L2622DW HL-L6250DW DocuPrint M115 fw HL-L5218DN MFC-L9570CDW(for Japan)HL-L2480DW MFC-L2710DW M 340FW DCP-1616NW HL-L2372DN HL-L1232W MFC-L3780CDW MFC-L2805DW MFC-L2710DNR MFC-J6935DW HL-L3228CDW DCP-L2540DW HL-L9310CDW MFC-J3940DW MFC-J6555DW XL MFC-J6580CDW HL-L8360CDW ADS-3600W MFC-L8900CDW MFC-J491DW DCP-T510W(for China)MFC-J1010DW DCP-1615NW HL-B2100D MFC-L6915DW DCP-J1200N DCP-L3520CDWE HL-L2865DW MFC-L2720DN DCP-T230 DCP-L2520DW MFC-L2920DW DCP-1622WE MFC-L6900DWG MFC-J895DW MFC-B7810DW MFC-L3720CDW HL-L8240CDW DCP-T430W MFC-L3760CDW HL-L2360DW MFC-L3765CDW MFC-J6997CDW FAX-L2700DN DocuPrint M115 w DCP-B7558W DCP-L2600D NFC-EX670 MFC-J805DW XL DCP-B7608W PT-E850TKW (for China)DCP-7190DW MFC-L2700DN MFC-J6730DW DCP-B7640DW DCP-J774DW MFC-L2712DW MFC-1919NW DCP-L2552DN MFC-J1012DW HL-2560DN HL-L2305W HL-L2385DW MFC-L2713DW DCP-L2625DW DCP-B7530DN FAX-L2800DW MFC-L2802DN MFC-J6983CDW MFC-J739DN HL-L3230CDW MFC-J6555DW DCP-T720DW DCP-L2627DW MFC-L5718DN MFC-L5715DN DCP-J1100DW DocuPrint M235 dw HL-L6400DWG ApeosPrint 4620 SDN (For Asia-Pacific)PT-E550W (for Thailand)HL-J6000DW HL-L2370DNR DCP-B7620DWB DCP-7195DW HL-L6415DN HL-L2445DW MFC-J6940DW DCP-T238 HL-L3230CDN DocuPrint P265 dw HL-L5210DW DCP-B7535DW MFC-J4335DW(XL)MFC-J6740DW MFC-L9670CDN DocuPrint M118 w HL-L5215DW MFC-L2700DWR TD-4520DN MFC-1911W MFC-J926N-WB MFC-L2707DW ADS-2800W MFC-EX915DW MFC-L2802DW RJ-3250WB MFC-J1300DW MFC-L2861DW DCP-1623WE MFC-T810W DCP-L2620DW MFC-L9570CDW MFC-J2730DW DCP-T225 ADS-2400N DCP-7090DW MFC-J7100CDW MFC-L6700DW DCP-T730DW MFC-J1205W(XL)MFC-L3768CDW MFC-J739DWN DCP-B7628DW DCP-B7640DWB MFC-L2700DW MFC-L5700DW MFC-J6955DW MFC-L2715DW DCP-B7650DW MFC-L2703DW HL-L2340DWR DocuPrint M268 dw DCP-L3517CDW DCP-L2541DW MFC-J5855DW MFC-J497DW DocuPrint P115 w DCP-J988N MFC-J6540DWE DCP-L2540DN DCP-L2665DW PT-E850TKW (for Asia pacific, EU, US)HL-3160CDW DCP-L5662DN MFC-L9577CDW HL-L2400DW DCP-L3551CDW DocuPrint M288 z QL-810W HL-L5202DW MFC-J4340DW(XL)MFC-B7715DW DCP-T426W P 201W DCP-L5500DN SP 230SFNw MFC-J7600CDW DCP-B7600D DCP-L6600DW HL-L2340DW MFC-L2880DWXL PT-E550W (for China)ApeosPrint 4620 SDN (For China)MFC-J6540DW HL-JF1 MFC-J5330DW PJ-883 DCP-L3568CDW HL-L2375DWR DCP-L5502DN MFC-L2806DW MFC-9350CDW HL-T4000DW TD-2120N MFC-1912WR HL-L6415DN CSP PT-E850TKW (for Koria)HL-B2050DN MFC-L2705DW DCP-J587N HL-L2315DW DocuPrint M235 z TD-2320DF MFC-L6910DN MFC-L2720DW PT-P900Wc DCP-J572N DCP-L2530DWR HL-5595DN HL-L5200DWT DCP-J1800N HL-L2360DN DCP-T530DW HL-J6100DW DCP-B7620DW DCP-L5652DN DCP-L5610DN HL-1211W HL-L2464DW HL-L3215CW HL-L2350DWR DCP-L2537DW MFC-L8395CDW MFC-J738DWN HL-L2465DW HL-L2475DW PT-P900W DCP-J1050DW DCP-T220 DCP-J1140DW MFC-8530DN DCP-1610W

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2020-28976

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.3||MEDIUM

EPSS-25.75% / 96.16%

7 Day CHG~0.00%

Published-30 Nov, 2020 | 13:14

Updated-04 Aug, 2024 | 16:48

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.

Vendor-canto n/a

Product-canto n/a

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2020-28977

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.3||MEDIUM

EPSS-10.41% / 93.12%

7 Day CHG~0.00%

Published-30 Nov, 2020 | 13:19

Updated-04 Aug, 2024 | 16:48

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.

Vendor-canto n/a

Product-canto n/a

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2020-24710

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.3||MEDIUM

EPSS-0.46% / 63.70%

7 Day CHG~0.00%

Published-28 Oct, 2020 | 19:33

Updated-04 Aug, 2024 | 15:19

Gophish before 0.11.0 allows SSRF attacks.

Vendor-getgophish n/a

Product-gophish n/a

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2020-21122

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.3||MEDIUM

EPSS-0.23% / 45.32%

7 Day CHG~0.00%

Published-15 Sep, 2021 | 16:16

Updated-04 Aug, 2024 | 14:22

UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.

Vendor-ureport_project n/a

Product-ureport n/a

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2020-11453

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5.3||MEDIUM

EPSS-1.04% / 77.20%

7 Day CHG-0.68%

Published-02 Apr, 2020 | 15:03

Updated-04 Aug, 2024 | 11:28

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product

Vendor-microstrategy n/a

Product-microstrategy_web n/a

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2020-12529

Matching Score-4

Assigner-CERT@VDE

View Details

Matching Score-4

Assigner-CERT@VDE

CVSS Score-5.8||MEDIUM

EPSS-0.18% / 40.35%

7 Day CHG~0.00%

Published-02 Mar, 2021 | 21:15

Updated-16 Sep, 2024 | 20:42

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.

Vendor-mbconnectline MB connect line

Product-mymbconnect24 mbconnect24 mymbCONNECT24 mbCONNECT24

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2024-4894

Matching Score-4

Assigner-TWCERT/CC

View Details

Matching Score-4

Assigner-TWCERT/CC

CVSS Score-5.3||MEDIUM

EPSS-0.17% / 38.50%

7 Day CHG~0.00%

Published-15 May, 2024 | 02:53

Updated-01 Aug, 2024 | 20:55

ITPison OMICARD EDM - Server-Side Request Forgery

ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information.

Vendor-ITPison itpison

Product-OMICARD EDM omicard_edm

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2024-50337

Credits

Chamilo: Potential unauthenticated blind SSRF via openid function

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs