Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as CWE-918 that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
SAML Consumer Service KeyInfo RetrievalMethod SSRF
SAML Consumer Service KeyInfo RetrievalMethod SSRF
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
WASC-20
, 
Medium
Server-Side Request Forgery
Server-Side Request Forgery
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
WASC-20
, 
Medium
Server-Side Request Forgery (Apache Server Status)
Server-Side Request Forgery (Apache Server Status)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
Server-Side Request Forgery (AWS)
Server-Side Request Forgery (AWS)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A5
, 
High
Server-Side Request Forgery (elmah)
Server-Side Request Forgery (elmah)
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-918
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
High
Server-Side Request Forgery (elmah MVC)
Server-Side Request Forgery (elmah MVC)
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-918
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
High
Server-Side Request Forgery (Equinix)
Server-Side Request Forgery (Equinix)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Critical
Server-Side Request Forgery (MySQL)
Server-Side Request Forgery (MySQL)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
Server-Side Request Forgery (Oracle Cloud)
Server-Side Request Forgery (Oracle Cloud)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Critical
Server-Side Request Forgery (Packet Cloud)
Server-Side Request Forgery (Packet Cloud)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Critical
Server-Side Request Forgery (SSH)
Server-Side Request Forgery (SSH)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
High
Server-Side Request Forgery (Time Based)
Server-Side Request Forgery (Time Based)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
WASC-20
, 
Medium
Server-Side Request Forgery (trace.axd)
Server-Side Request Forgery (trace.axd)
CAPEC-347
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
CWE-918
, 
HIPAA-164.306(a)
, 
HIPAA-164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
PCI v3.2-6.5.6
, 
WASC-15
, 
Critical
TorchServe Management API SSRF (CVE-2023-43654)
TorchServe Management API SSRF (CVE-2023-43654)
CWE-918
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Critical