Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-05493
HistoryJan 05, 2022 - 12:00 a.m.

Userfrosting has an unspecified vulnerability

2022-01-0500:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
userfrosting
php
security vulnerability
host header injection
password reset

EPSS

0.002

Percentile

62.1%

JSON

Userfrosting is a secure, modern Php user management system. a security vulnerability exists in Userfrosting, which stems from the fact that in Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to a host header injection attack. An attacker could exploit the vulnerability to use the forgot password feature to reset the victim’s password and successfully take over their account.

Related

prion 1
cvelist 1
github 1
nvd 1
veracode 1
osv 2
cve 1
prion
prion
Design/Logic Flaw
2022-01-03 07:15:00
cvelist
cvelist
CVE-2021-25994 Userfrosting - Host-Header Injection Leads to Account Takeover
2022-01-03 06:45:10
github
github
Injection in UserFrosting
2022-01-06 22:22:32
nvd
nvd
CVE-2021-25994
2022-01-03 07:15:07
veracode
veracode
Host Header Injection
2022-01-04 03:30:28
osv
osv
Injection in UserFrosting
2022-01-06 22:22:32
CVE-2021-25994
2022-01-03 07:15:07
cve
cve
CVE-2021-25994
2022-01-03 07:15:07

EPSS

0.002

Percentile

62.1%

JSON
Related for CNVD-2022-05493
prion1cvelist1github1nvd1veracode1osv2cve1