| Название | jameschz Hush 2.0 Improper Neutralization of HTTP Headers for Scripting Syntax |
|---|
| Описание | $_SERVER['HOST'] is populated from the HTTP Host header submitted by the client. When the application uses this value directly to build absolute URLs, generate links in emails, or reflect it into HTML responses, an attacker can supply an arbitrary Host header and achieve a range of impacts |
|---|
| Источник | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/hush.md |
|---|
| Пользователь | lakshay12311 (UID 91298) |
|---|
| Представление | 02.11.2025 13:19 (6 месяцы назад) |
|---|
| Модерация | 19.11.2025 17:55 (17 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 332978 [jameschz Hush Framework 2.0 HTTP Host Header Util.php $_SERVER['HOST']] |
|---|
| Баллы | 18 |
|---|