CVE-2022-40312

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.

Related Vulnerabilities

CVE-2010-1637

MEDIUM
CVSS:6.5(Medium)

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3...

CWE-9182010

CVE-2017-10973

MEDIUM
CVSS:6.5(Medium)

In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.

CWE-9182017

CVE-2017-11148

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.

CWE-9182017

CVE-2017-11149

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary loca...

CWE-9182017

CVE-2017-12071

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the...

CWE-9182017

CVE-2017-15886

MEDIUM
CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.

CWE-9182017