| Título | BootDo web V1.0 Host header injection |
|---|
| Descrição | I found a "host header injection" vulnerability in the AccessControlFilter.java file.
The AccessControlFilter.java file is located in the shrio permission validation component of the project.
He used a method called redirectToLogin that invoked the WebUtils.issueRedirect vulnerability, which set the hostname of the request to the host by default |
|---|
| Fonte | ⚠️ https://github.com/webzzaa/CVE-/issues/5 |
|---|
| Utilizador | Tom132432 (UID 85670) |
|---|
| Submissão | 11/01/2026 10h35 (há 6 meses) |
|---|
| Moderação | 24/01/2026 20h20 (13 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 342794 [lcg0124 BootDo até 5ccd963c74058036b466e038cff37de4056c1600 Host Header AccessControlFilter.java redirectToLogin Nome do host Redirect] |
|---|
| Pontos | 18 |
|---|