CVE-2021-27312

CRITICAL Year: 2021
CVSS v3 Score
9.4
Critical
Weakness Type
CWE-918
View all →

Vulnerability Description

Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php.

Related Vulnerabilities

CVE-2022-1592

CRITICAL
CVSS:9.4(Critical)

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to ...

CWE-9182022

CVE-2022-2216

CRITICAL
CVSS:9.4(Critical)

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.

CWE-9182022

CVE-2022-0990

CRITICAL
CVSS:9.3(Critical)

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.

CWE-9182022

CVE-2024-10044

CRITICAL
CVSS:9.3(Critical)

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b...

CWE-9182024

CVE-2024-2796

CRITICAL
CVSS:9.3(Critical)

A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.

CWE-9182024

CVE-2024-28752

CRITICAL
CVSS:9.3(Critical)

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one paramete...

CWE-9182024