Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. This is due to that the server implicitly trusts the Host header, and fails to validate or escape it properly. An attacker can use this input to redirect target users to a malicious domain/web page. This would result in expanding the potential to further attacks and malicious actions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Compass Plus e-Commerce Payment Gateway 安全漏洞
Vulnerability Description
Compass Plus e-Commerce Payment Gateway是俄罗斯 (Compass Plus)公司的一个应用接口。提供一个支付功能的API接口。 Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 和 FIMI 4.2.19.4 25存在安全漏洞,该漏洞源于服务器信任主机头,无法正确验证或转义它。攻击者可利用该漏洞使用此输入将目标用户重定向到恶意域/网页。这将导致进一
CVSS Information
N/A
Vulnerability Type
N/A