2 matches found
CVE-2025-43933
fblog through 983bede allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2025-43933
Summary (CVE-2025-43933): The issue affects fblog versions up to and including 983bede. A misconfigured SERVER_NAME causes the password reset flow to depend on the Host HTTP header, enabling account takeover via password reset. The root cause is that server name information is not validated, allo...