CNNVD-202507-713 Information

CNNVD ID

CNNVD-202507-713

CVE-2025-43933

  • CNNVD Published: 2025-07-07

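Description (translated from Chinese)

Blog is a personal blog system by Xuzijia, an individual developer in China. Blog 983bede and earlier versions contain a security vulnerability: because SERVER_NAME is not configured, the password reset function relies on the Host HTTP header, which may lead to account takeover.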

Description (English)

Blog is a personal blog system by Xuzijia, an individual developer in China. Blog 983bede and earlier versions have a security vulnerability that stems from SERVER_NAME not being configured, which makes the password reset function rely on the Host HTTP header and could lead to account takeover.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Live Support

Published

2025-07-07

Last Modified

2026-02-24

References

  • https://github.com/ghost123gg/fblog/blob/983bedec9f837a54ab2dfd358a9cb45504a2e709/app/templates/auth/email/resetPassword.html#L1-L8
  • https://github.com/ghost123gg/fblog/issues/5
  • https://access.redhat.com/security/cve/cve-2025-43933
