CNNVD-202510-2352 Information

CNNVD ID

CNNVD-202510-2352

CVE-2025-61543

  • CNNVD Published: 2025-10-16

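Description (translated from Chinese)

CraftMyCMS is a content management system by the individual developer Kévin GUIOT. CraftMyCMS version 4.0.2 contains a security vulnerability: the password reset function uses the HTTP_HOST header directly to construct the reset link, which may lead to phishing attacks or account takeover.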

Description (English)

CraftMyCMS is a content management system developed by Kévin GUIOT, an individual developer. Version 4.0.2 of CraftMyCMS has a security vulnerability that stems from the password reset link being built directly from the HTTP_HOST header, which may lead to phishing attacks or account takeover.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-10-16

Last Modified

2026-02-24

References

https://github.com/bugdotexe/Vulnerability-Research/tree/main/CVE-2025-61543

https://owasp.org/www-community/vulnerabilities/HTTP_Host_header_injection

Patch

https://craftcms.com/
