| Titolo | BootDo web V1.0 Host header injection |
|---|
| Descrizione | I found a "host header injection" vulnerability in the AccessControlFilter.java file.
The AccessControlFilter.java file is located in the shrio permission validation component of the project.
He used a method called redirectToLogin that invoked the WebUtils.issueRedirect vulnerability, which set the hostname of the request to the host by default |
|---|
| Fonte | ⚠️ https://github.com/webzzaa/CVE-/issues/5 |
|---|
| Utente | Tom132432 (UID 85670) |
|---|
| Sottomissione | 11/01/2026 10:35 (6 mesi fa) |
|---|
| Moderazione | 24/01/2026 20:20 (13 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 342794 [lcg0124 BootDo fino a 5ccd963c74058036b466e038cff37de4056c1600 Host Header AccessControlFilter.java redirectToLogin Nome host Redirect] |
|---|
| Punti | 18 |
|---|