exploitDog

GHSA-4p5p-p6w9-4wxg

Опубликовано: 07 июл. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

Ссылки

EPSS

Процентиль: 21%

0.00069

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-472

Связанные уязвимости

CVE-2025-43933

CVSS3: 9.8

nvd

7 месяцев назад

fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

EPSS

Процентиль: 21%

0.00069

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-472