CVE-2025-43933 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP hea…
Critical CVSS: 9.8

CVE-2025-43933

fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.
Vendor
-
Product
-
CWE
CWE-472
Yayın Tarihi
2025-07-07 16:15:23
Güncelleme
2025-07-08 18:15:28
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-472 CRITICAL 2025

Referanslar

https://github.com/ghost123gg/fblog/blob/983bedec9f837a54ab2dfd358a9cb45504a2e709/app/templates/auth/email/resetPassword.html#L1-L8 https://github.com/ghost123gg/fblog/issues/5