Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4652 vulnerabilities reference this CWE, most recent first.

GHSA-PWWX-C4HJ-3V9G

Vulnerability from github – Published: 2025-01-07 12:31 – Updated: 2026-04-28 21:35
VLAI
Details

Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56275"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-07T11:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14.",
  "id": "GHSA-pwwx-c4hj-3v9g",
  "modified": "2026-04-28T21:35:30Z",
  "published": "2025-01-07T12:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56275"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/envato-elements/vulnerability/wordpress-envato-elements-plugin-2-0-14-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PX27-325W-M34C

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2025-10-22 00:32
VLAI
Details

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21975"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-31T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.",
  "id": "GHSA-px27-325w-m34c",
  "modified": "2025-10-22T00:32:05Z",
  "published": "2022-05-24T17:45:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21975"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21975"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PX2Q-6Q9W-P7WC

Vulnerability from github – Published: 2022-05-24 00:01 – Updated: 2022-06-04 00:00
VLAI
Details

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28997"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-23T14:16:00Z",
    "severity": "HIGH"
  },
  "details": "CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.",
  "id": "GHSA-px2q-6q9w-p7wc",
  "modified": "2022-06-04T00:00:49Z",
  "published": "2022-05-24T00:01:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28997"
    },
    {
      "type": "WEB",
      "url": "https://i.imgur.com/BwWTfYU.png"
    },
    {
      "type": "WEB",
      "url": "https://i.imgur.com/S1F7MaJ.png"
    },
    {
      "type": "WEB",
      "url": "https://i.imgur.com/pzWjkXI.png"
    },
    {
      "type": "WEB",
      "url": "https://i.imgur.com/xxjxnGk.png"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/166613/CSZCMS-1.3.0-SSRF-LFI-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PX42-XR3H-WJV8

Vulnerability from github – Published: 2025-05-09 15:31 – Updated: 2025-05-13 00:31
VLAI
Details

Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-45887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-09T15:15:57Z",
    "severity": "CRITICAL"
  },
  "details": "Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.",
  "id": "GHSA-px42-xr3h-wjv8",
  "modified": "2025-05-13T00:31:11Z",
  "published": "2025-05-09T15:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45887"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/wanglongcn/yifang/issues/IBZVAG"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PX48-XW9J-R7FX

Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 21:34
VLAI
Details

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request.

This issue was fixed in version 1.4.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-69239"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-16T14:18:01Z",
    "severity": "MODERATE"
  },
  "details": "Raytha CMS is vulnerable to Server-Side Request Forgery in the\u00a0\u201cThemes - Import from URL\u201d feature. It allows an attacker with high privileges to provide the URL for redirecting\u00a0server-side HTTP request.\n\nThis issue was fixed in version 1.4.6.",
  "id": "GHSA-px48-xw9j-r7fx",
  "modified": "2026-03-16T21:34:32Z",
  "published": "2026-03-16T15:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69239"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2026/03/CVE-2025-69236"
    },
    {
      "type": "WEB",
      "url": "https://raytha.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PX5M-VP2J-J7XW

Vulnerability from github – Published: 2025-11-30 15:30 – Updated: 2025-11-30 15:30
VLAI
Details

A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 21.7.6 mitigates this issue. It is suggested to upgrade the affected component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13789"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-30T14:16:29Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 21.7.6 mitigates this issue. It is suggested to upgrade the affected component.",
  "id": "GHSA-px5m-vp2j-j7xw",
  "modified": "2025-11-30T15:30:23Z",
  "published": "2025-11-30T15:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13789"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/2#issue-3598317459"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ez-lbz/ez-lbz.github.io/issues/2#issuecomment-3540247346"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.333793"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.333793"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.690728"
    },
    {
      "type": "WEB",
      "url": "https://www.zentao.net/extension-viewext-6.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PXG5-H34R-7Q8P

Vulnerability from github – Published: 2023-09-20 23:04 – Updated: 2024-09-20 19:59
VLAI
Summary
GeoNode vulnerable to SSRF Bypass to return internal host data
Details

A SSRF vulnerability exists, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network.

the application is using a whitelist, but the whitelist can be bypassed with @ and encoded value of @ (%40) GET /proxy/?url=http://development.demo.geonode.org%40geoserver:8080/geoserver/web This will trick the application that the first host is a whitelisted address, but the browser will use @ or %40 as a credential to the host geoserver on port 8080, this will return the data to that host on the response.

image

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.1.2"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "GeoNode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "fixed": "4.1.3.post1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-42439"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-20T23:04:44Z",
    "nvd_published_at": "2023-09-15T21:15:11Z",
    "severity": "HIGH"
  },
  "details": "A SSRF vulnerability exists, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network.\n\nthe application is using a whitelist, but the whitelist can be bypassed with @ and encoded value of @ (%40) GET /proxy/?url=http://development.demo.geonode.org%40geoserver:8080/geoserver/web \nThis will trick the application that the first host is a whitelisted address, but the browser will use @ or %40 as a credential to the host geoserver on port 8080, this will return the data to that host on the response.\n\n![image](https://user-images.githubusercontent.com/35967437/264379628-8cecbc56-be6c-49dc-abe8-0baf8b8695cc.png)\n\n",
  "id": "GHSA-pxg5-h34r-7q8p",
  "modified": "2024-09-20T19:59:58Z",
  "published": "2023-09-20T23:04:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-pxg5-h34r-7q8p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42439"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GeoNode/geonode/commit/79ac6e70419c2e0261548bed91c159b54ff35b8d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/GeoNode/geonode"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GeoNode/geonode/releases/tag/4.1.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2023-176.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "GeoNode vulnerable to SSRF Bypass to return internal host data"
}

GHSA-PXP3-C847-MX5J

Vulnerability from github – Published: 2022-05-14 01:38 – Updated: 2022-05-14 01:38
VLAI
Details

Jspxcms v9.0.0 allows SSRF.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-30T18:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Jspxcms v9.0.0 allows SSRF.",
  "id": "GHSA-pxp3-c847-mx5j",
  "modified": "2022-05-14T01:38:24Z",
  "published": "2022-05-14T01:38:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20596"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/jspxcms/Jspxcms/issues/IQAHK"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q24H-5RQ3-63J9

Vulnerability from github – Published: 2022-03-04 00:00 – Updated: 2022-03-10 21:57
VLAI
Summary
Incorrect Authorization in @uppy/companion
Details

@uppy/companion prior to version 3.3.1 is vulnerable to incorrect authorization. A user with URL upload access could enumerate internal companion server networks, send local webservers files to the destination server, and finally download them If each of these files had a guessable and regular name.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@uppy/companion"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-0528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-863",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-10T21:57:56Z",
    "nvd_published_at": "2022-03-03T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "@uppy/companion prior to version 3.3.1 is vulnerable to incorrect authorization. A user with URL upload access could enumerate internal companion server networks, send local webservers files to the destination server, and finally download them If each of these files had a guessable and regular name.",
  "id": "GHSA-q24h-5rq3-63j9",
  "modified": "2022-03-10T21:57:56Z",
  "published": "2022-03-04T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0528"
    },
    {
      "type": "WEB",
      "url": "https://github.com/transloadit/uppy/commit/267c34045a1e62c98406d8c31261c604a11e544a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/transloadit/uppy"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/8b060cc3-2420-468e-8293-b9216620175b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Incorrect Authorization in @uppy/companion"
}

GHSA-Q25C-C977-4CMH

Vulnerability from github – Published: 2024-06-06 21:30 – Updated: 2024-07-24 17:34
VLAI
Summary
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever
Details

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component in langchain-community (langchain-community.retrievers.web_research.WebResearchRetriever). The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs.

The patched code: * Requires users to opt-in * Suggests using a proxy to prevent requests to local addresses

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "langchain-community"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-3095"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-06T22:41:06Z",
    "nvd_published_at": "2024-06-06T19:15:59Z",
    "severity": "MODERATE"
  },
  "details": "A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component in langchain-community (langchain-community.retrievers.web_research.WebResearchRetriever). The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs.\n\nThe patched code:\n* Requires users to opt-in\n* Suggests using a proxy to prevent requests to local addresses",
  "id": "GHSA-q25c-c977-4cmh",
  "modified": "2024-07-24T17:34:39Z",
  "published": "2024-06-06T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3095"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/pull/24451"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/langchain-ai/langchain"
    },
    {
      "type": "WEB",
      "url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-community%3D%3D0.2.9"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever"
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.