CVE-2019-11066
CVE-2019-11066 affects LightOpenID up to version 1.3.1, where openid.php is vulnerable to SSRF via a crafted OpenID 2.0 assertion request that uses HTTP GET. The vulnerability originates in LightOpenID’s handling of OpenID 2.0 assertion requests, enabling server-side requests to arbitrary destina...