CNNVD-202506-3515 Information

CNNVD ID

CNNVD-202506-3515

CVE-2025-6762

  • CNNVD Published: 2025-06-27

Description (Chinese)

diyhi bbs(巡云轻论坛系统)是diyhi个人开发者的一个论坛系统。 diyhi bbs 6.8及之前版本存在安全漏洞,该漏洞源于HTTP头处理组件中getUrl函数对Host参数操作不当,可能导致服务端请求伪造攻击。

Description (English)

diyhi bbs (巡云轻论坛系统) is a forum system by the individual developer diyhi. diyhi bbs 6.8 and earlier versions contain a security vulnerability caused by improper handling of the Host parameter by the getUrl function in the HTTP header handling component, which may lead to a server-side request forgery attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Live Support

Published

2025-06-27

Last Modified

2026-02-24

References

  • https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-02.md
  • https://vuldb.com/?ctiid.314073
  • https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-02.md#steps-to-reproduce
  • https://vuldb.com/?id.314073
  • https://vuldb.com/?submit.598896
  • https://nvd.nist.gov/vuln/detail/CVE-2025-6762
