2 matches found
CVE-2025-71281
XenForo before 2.3.7 contains a template method-call restriction bypass. The issue stems from a loose prefix match instead of a strict first-word match for methods accessible via callbacks and variable method calls in templates, potentially allowing unauthorized method invocations. Affected softw...
CVE-2025-71281 XenForo Template Method Call Restriction Bypass
XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potentially allowing unauthorized method invocations...