PT-2023-21020 · Unknown · Lavalite Cms

M19O +1 · Published 2023-05-12 · Updated 2025-01-24 · CVE-2023-27237

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: LavaLite CMS version 9.0.0

Description: The issue is related to a host header injection attack. This type of attack involves manipulating the host header in HTTP requests to potentially bypass security controls or access unauthorized resources.

Recommendations: For LavaLite CMS version 9.0.0, as a temporary workaround, consider restricting access to the Host header in incoming requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-27237
GHSA-94Q4-V5G6-QP7X

Affected Products

Lavalite Cms