Pigeon 注入漏洞

Pigeon is a lightweight bulletin board/notepad/social system/blog developed by Akkariin Meiko as an individual project. Versions of Pigeon prior to 1.0.201 contained a injection vulnerability. This vulnerability stemmed from the application’s use of unvalidated $SERVERHTTPHOST in the email...

CVE-2026-32616 Pigeon has a Host Header Injection in email verification flow

Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $SERVER'HTTPHOST' without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification lin...

Pigeon 代码问题漏洞

Pigeon is a lightweight message board/notepad/social system/blog by the individual developer Akkariin Meiko. A code issue vulnerability exists in Pigeon version 1.0.177, which stems from a parameter url in the file /pigeon/imgproxy/index.php that can lead to server-side request forgery...