Количество 2
Количество 2
CVE-2022-25355
почти 4 года назад
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users.
CVSS3: 5.3
EPSS: Низкий
GHSA-pw97-6v74-9w3p
почти 4 года назад
EC-CUBE improperly handles HTTP Host header values
CVSS3: 5.3
EPSS: Низкий
Уязвимостей на страницу
20
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-25355 EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users. | CVSS3: 5.3 | 1% Низкий | почти 4 года назад |
| GHSA-pw97-6v74-9w3p EC-CUBE improperly handles HTTP Host header values | CVSS3: 5.3 | 1% Низкий | почти 4 года назад |
Уязвимостей на страницу
20