CNNVD-202509-3999 Information

CNNVD ID

CNNVD-202509-3999

Related CVE

CVE-2025-10944

• CNNVD Published: 2025-09-25

Description (Chinese)

get-header-ip是Yige个人开发者的一个获取客户端IP地址的接口。 get-header-ip 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15及之前版本存在代码注入漏洞，该漏洞源于对文件ip.php中函数ip的参数callback的错误操作，可能导致跨站脚本攻击。

Description (English)

Get-header-ip is an interface for Yie personal developers to access the client ’ s IP address. A code-injecting loophole exists in the 589b-ip23d0eb0043c310a310a13ce4bbe2505d0d0b15 and earlier versions, which stems from an error in the operation of the parameter Callback for function ip in ip.php, which may result in a cross-site script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

LitexMedia

Published

2025-09-25

Last Modified

2026-02-24

References

https://github.com/yi-ge/get-header-ip/blob/master/ip.php#L32 https://vuldb.com/?ctiid.325814 https://vuldb.com/?id.325814 https://vuldb.com/?submit.651884