Description
wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function: because the function trusts untrusted HTTP headers, attackers can bypass IP-based rate limiting and ban enforcement. Attackers can set the HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers to spoof their IP address and circumvent security controls.
References
- Product
- Product, Release Notes
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 7.6.47 (excluding)
cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 5%
0.00019
Low
5.3 Medium
CVSS3
Weaknesses
CWE-348
Related vulnerabilities
CVSS3: 5.3
github
14 days ago
wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers to spoof their IP address and circumvent security controls.