179 matches found
CVE-2025-15154 PbootCMS Header handle.php get_user_ip less trusted source
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function getuserip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...
CVE-2025-15154 PbootCMS Header handle.php get_user_ip less trusted source
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function getuserip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...
CVE-2025-15154
CVE-2025-15154 affects PbootCMS (up to 3.2.12). The vulnerable component is Header Handler, function get_user_ip in core/function/handle.php, where manipulation of X-Forwarded-For causes the system to use a less trusted source. Attacks can be remote and public exploits are disclosed. Remediation:...
PT-2025-53670
Name of the Vulnerable Software and Affected Versions PbootCMS versions prior to 3.2.12 Description A security issue exists in PbootCMS that allows for remote manipulation of the X-Forwarded-For argument. This manipulation impacts the get user ip function within the core/function/handle.php file,...
CVE-2025-13803
A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be...
CVE-2025-13803
A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be...
CVE-2025-13803 MediaCrush Header paths.py http headers for scripting syntax
A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be...
CVE-2025-13803
MediaCrush 1.0.0/1.0.1 contains a vulnerability in the Header Handler component (unknown function in /mediacrush/paths.py) where manipulation of the Host argument leads to improper neutralization of HTTP headers for scripting syntax. The issue can be triggered remotely. CVSS scores vary by versio...
PT-2025-48407
Name of the Vulnerable Software and Affected Versions MediaCrush versions 1.0.0 through 1.0.1 Description A flaw exists in MediaCrush that involves improper neutralization of HTTP headers for scripting syntax. This issue is located within an unknown function of the /mediacrush/paths.py file, part...
CVE-2025-13434
A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $SERVER'HOST' causes improper neutralization of http headers for scriptin...
CVE-2025-13434 jameschz Hush Framework HTTP Host Header Util.php http headers for scripting syntax
A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $SERVER'HOST' causes improper neutralization of http headers for scriptin...
CVE-2025-12344
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
CVE-2025-12346 MaxSite CMS HTTP Header uploads-require-maxsite.php unrestricted upload
A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/autopost/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDi...
CVE-2025-12344
Summary : CVE-2025-12344 affects Yonyou U8 Cloud up to 5.1sp. The vulnerability lies in an unknown function within /service/NCloudGatewayServlet (Request Header Handler) where manipulation of the ts/sign argument enables an unrestricted file upload. Exploitation can be performed remotely, and pub...
CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
EUVD-2025-36388
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
CVE-2025-12344 Yonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted upload
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. The attack may be performed from...
CVE-2025-11441
A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carrie...
CVE-2025-11441
A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carrie...
CVE-2025-11441 JhumanJ OpnForm HTTP Header excessive authentication
A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carrie...