CNNVD-202507-722 Information

CNNVD ID

CNNVD-202507-722

CVE-2025-53373

  • CNNVD Published: 2025-07-07

Description (Chinese)

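Natours is a tour booking API by individual developer Ahmed Emad. Natours contains an authorization issue vulnerability, which stems from Host header injection and may lead to account takeover.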

Description (English)

Natours is a tour booking API developed by Ahmed Emad, an individual developer. Natours has an authorization issue vulnerability that originates in Host header injection and could lead to account takeover.

Hazard Level

High

Vulnerability Type

Authorization issue

Affected Vendor

Live Support

Published

2025-07-07

Last Modified

2026-02-24

References

  • https://github.com/ahmed-elgaml11/Natours/security/advisories/GHSA-8gmw-7p75-58qv
  • https://github.com/ahmed-elgaml11/Natours/commit/7401793a8d9ed0f0c250c4e0ee2815d685d7a70b
  • https://access.redhat.com/security/cve/cve-2025-53373
