Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
Vulnerability Description
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
PHP 安全漏洞
Vulnerability Description
PHP是一种在服务器端执行的脚本语言。 PHP存在安全漏洞,该漏洞源于允许设置一个标准的不安全cookie。
CVSS Information
N/A
Vulnerability Type
N/A