Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Userfrosting - Host-Header Injection Leads to Account Takeover
Vulnerability Description
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Userfrosting 注入漏洞
Vulnerability Description
Userfrosting是一个安全、现代的 Php 用户管理系统。 Userfrosting 存在安全漏洞,该漏洞源于在Userfrosting中,v0.3.1到v4.6.2版本容易受到主机头注入的攻击。攻击者可利用该漏洞使用忘记密码功能来重置受害者的密码,并成功地占领他们的帐户。
CVSS Information
N/A
Vulnerability Type
N/A