| Title | BootDo web V1.0 Host header injection |
|---|
| Description | I found a "host header injection" vulnerability in the AccessControlFilter.java file.
The AccessControlFilter.java file is located in the shrio permission validation component of the project.
He used a method called redirectToLogin that invoked the WebUtils.issueRedirect vulnerability, which set the hostname of the request to the host by default |
|---|
| Source | ⚠️ https://github.com/webzzaa/CVE-/issues/5 |
|---|
| User | Tom132432 (UID 85670) |
|---|
| Submission | 01/11/2026 10:35 (6 months ago) |
|---|
| Moderation | 01/24/2026 20:20 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 342794 [lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600 Host Header AccessControlFilter.java redirectToLogin Hostname] |
|---|
| Points | 18 |
|---|