CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%
pimcore/admin-ui-classic-bundle is vulnerable to Host Header Injection. The vulnerability is caused due to unsafely using the host header from incoming HTTP requests when generating URLs in the function invitationLinkAction
within UserController.php
, specifically in the way $loginUrl
trusts user input. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink
endpoint, resulting in the generation of URLs with the attacker’s domain resulting in further attacks like phishing due to manipulated host header.