CNNVD-202512-432 Information

CNNVD ID

CNNVD-202512-432

CVE-2025-66509

  • CNNVD Published: 2025-12-04

Description (Chinese, translated)

laradashboard is an open-source content management system from Lara Dashboard. laradashboard 2.3.0 and earlier contain an access control error vulnerability: the password reset flow trusts the Host header, which can cause the reset token to be sent to an attacker-controlled server. Combined with the module installation process, this can be leveraged into arbitrary PHP code execution.

Description (English)

laradashboard is an open-source content management system from Lara Dashboard. laradashboard 2.3.0 and earlier versions contain an access control error vulnerability that stems from the password reset flow trusting the Host header. An attacker who requests a reset for a victim's account with a forged Host header can have the reset link, and therefore the token, point at a server they control; chained with the module installation process, account takeover can be escalated to execution of arbitrary PHP code.
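The Host-header weakness the advisory describes is generic to any framework that builds absolute URLs from the incoming request. The following is an added illustration written for this page; it is not code from laradashboard or from Laravel, and the hostnames dashboard.example and evil.example, the APP_URL value and the request dictionaries are constructed sample values. It shows a reset-link builder that trusts the request Host beside a hardened one that only honours an allowlisted Host and otherwise falls back to the configured canonical URL.

```python
"""
Host-header poisoning of a password-reset link: vulnerable vs hardened.

Added illustration, not code from laradashboard or Laravel. The canonical
URL, the trusted host set and the sample request headers are constructed.
"""
import re
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed configuration: the operator's canonical application URL
# (Laravel's APP_URL plays this role) and the hosts the app serves.
APP_URL = "https://dashboard.example"
TRUSTED_HOSTS = {"dashboard.example", "www.dashboard.example"}

# Syntactic check for a Host value: DNS labels, optional port, nothing else.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]*[a-z0-9])?"
    r"(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*(:\d{1,5})?$",
    re.I,
)


def vulnerable_reset_link(headers, token):
    """Build the link from whatever Host the client sent.

    This is the pattern the advisory describes: an attacker requests a reset
    for the victim's e-mail with "Host: evil.example", the mail contains a
    link to evil.example, and the victim's click delivers the token there.
    """
    scheme = headers.get("X-Forwarded-Proto", "https")
    query = urlencode({"token": token})
    return f"{scheme}://{headers['Host']}/reset-password?{query}"


def hardened_reset_link(headers, token):
    """Honour the request Host only if it is well-formed and allowlisted;
    otherwise build the link from the configured canonical URL."""
    host = headers.get("Host", "").strip().lower()
    hostname = host.split(":", 1)[0]
    if _HOST_RE.match(host) and hostname in TRUSTED_HOSTS:
        base = f"https://{host}"
    else:
        base = APP_URL
    query = urlencode({"token": token})
    return f"{base}/reset-password?{query}"


def link_host(link):
    """Hostname the reset token would be sent to when the link is clicked."""
    return urlsplit(link).hostname


def demo():
    """Run both builders against a constructed poisoned request."""
    token = secrets.token_urlsafe(32)
    poisoned = {"Host": "evil.example", "X-Forwarded-Proto": "https"}
    return {
        "vulnerable_goes_to": link_host(vulnerable_reset_link(poisoned, token)),
        "hardened_goes_to": link_host(hardened_reset_link(poisoned, token)),
    }


if __name__ == "__main__":
    print(demo())
```

In a Laravel deployment the equivalent controls are a correct `APP_URL` and the framework's `TrustHosts` middleware, which restricts the hosts from which absolute URLs may be generated; whether that is how the linked commit fixes laradashboard is not stated on this page and should be checked against the diff.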

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

Lara Dashboard

Published

2025-12-04

Last Modified

2026-02-24

References

https://github.com/laradashboard/laradashboard/commit/cc42f9cdf8e59bce794ee2d812a9709b1e6efa87
https://github.com/laradashboard/laradashboard/security/advisories/GHSA-j9mm-c9cj-pc82
