CVE-2022-31196

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-918
View all →

Vulnerability Description

Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.

Related Vulnerabilities

CVE-2007-6758

HIGH
CVSS:7.5(High)

Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.

CWE-9182007

CVE-2017-0929

HIGH
CVSS:7.5(High)

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resou...

CWE-9182017

CVE-2017-1000419

HIGH
CVSS:7.5(High)

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal ser...

CWE-9182017

CVE-2017-18638

HIGH
CVSS:7.5(High)

send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server re...

CWE-9182017

CVE-2017-3164

HIGH
CVSS:7.5(High)

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the ser...

CWE-9182017

CVE-2018-12809

HIGH
CVSS:7.5(High)

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

CWE-9182018