exploitDog

GHSA-3855-8298-m4gc

Опубликовано: 15 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 6.9

Описание

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request processing controls.

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request processing controls.

Ссылки

EPSS

Процентиль: 20%

0.00066

Низкий

6.9 Medium

CVSS4

CVE ID

Дефекты

CWE-444

Связанные уязвимости

CVE-2023-53878

nvd

около 2 месяцев назад

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request processing controls.

EPSS

Процентиль: 20%

0.00066

Низкий

6.9 Medium

CVSS4

CVE ID

Дефекты

CWE-444