CVE-2021-24371

LOW Year: 2021
CVSS v3 Score
2.7
Low
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack.

Related Vulnerabilities

CVE-2021-22033

LOW
CVSS:2.7(Low)

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

CWE-9182021

CVE-2021-25939

LOW
CVSS:2.7(Low)

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests per...

CWE-9182021

CVE-2021-40537

LOW
CVSS:2.7(Low)

Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.

CWE-9182021

CVE-2021-4075

LOW
CVSS:2.7(Low)

snipe-it is vulnerable to Server-Side Request Forgery (SSRF)

CWE-9182021

CVE-2022-2556

LOW
CVSS:2.7(Low)

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body ...

CWE-9182022