CVE-2024-25625
Pimcore Admin UI Classic Bundle (prior to 1.3.4) is vulnerable to Host Header Injection via the invitationLinkAction in UserController. The login URL is built using unvalidated host headers when generating $loginUrl, allowing an attacker to inject a malicious domain into invitation emails and ena...