CVE-2020-22002

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.

Related Vulnerabilities

CVE-2007-6758

HIGH
CVSS:7.5(High)

Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.

CWE-9182007

CVE-2017-0929

HIGH
CVSS:7.5(High)

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resou...

CWE-9182017

CVE-2017-1000419

HIGH
CVSS:7.5(High)

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal ser...

CWE-9182017

CVE-2017-18638

HIGH
CVSS:7.5(High)

send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server re...

CWE-9182017

CVE-2017-3164

HIGH
CVSS:7.5(High)

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the ser...

CWE-9182017

CVE-2018-12809

HIGH
CVSS:7.5(High)

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

CWE-9182018