3 matches found
CVE-2025-6762
A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...
CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery
A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...
CVE-2025-6762
CVE-2025-6762 affects diyhi bbs up to version 6.8. The issue is in the HTTP Header Handler’s getUrl function for /admin/login, where manipulating the Host argument enables server-side request forgery (SSRF). Exploitation is possible remotely and has been disclosed publicly. Connected documents co...