CVE-2025-6762 | diyhi bbs up to 6.8 HTTP Header /admin/login getUrl Host server-side request forgery

Inserito da Angelo Barbosa | Giu 27, 2025 | CVE

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2025-6762. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-6762 | diyhi bbs up to 6.8 HTTP Header /admin/login getUrl Host server-side request forgery

Post correlati

CVE-2023-5710 | System Dashboard Plugin up to 2.8.7 on WordPress sd_constants authorization

CVE-2024-32350 | Totolink X5000R 9.1.0cu.2350_B20230313 cstecgi.cgi ipsecPsk improper authentication

CVE-2024-24431 | Open5GS 2.7.0 EMM Message ogs_nas_emm_decode denial of service

CVE-2024-4056 | M-Files Server prior 24.4.13592.4 resource consumption