2 matches found
CVE-2024-25625
Pimcore Admin UI Classic Bundle (prior to 1.3.4) is vulnerable to Host Header Injection via the invitationLinkAction in UserController. The login URL is built using unvalidated host headers when generating $loginUrl, allowing an attacker to inject a malicious domain into invitation emails and ena...
CVE-2024-25625
creationtimestamp| type| source ---|---|--- 2024-02-19 08:52:02+00:00| published-proof-of-concept| https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx 2024-02-19 17:21:59+00:00| seen| https://t.me/ctinow/187827 2024-02-19 17:26:27+00:00| seen|...