Critical
Low
Medium
CVE-2025-61543
Overview
A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses `$_SERVER['HTTP_HOST']` directly to construct password reset links sent via email. An attacker can manipulate the Host header to send malicious reset links, enabling phishing attac...
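The pattern described above next to a hardened form, as an added example that is not CraftMyCMS code. The function names, the `/reset-password` path, the constants and the host names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the canonical origin and the host allowlist live in server-side
// configuration. All values here are constructed samples.
const ALLOWED_HOSTS = ['cms.example.test', 'www.cms.example.test'];
const CANONICAL_ORIGIN = 'https://cms.example.test';

// Vulnerable pattern: the host in the emailed link is whatever the client sent.
function buildResetLinkVulnerable(array $server, string $token): string
{
    return 'https://' . $server['HTTP_HOST'] . '/reset-password?token=' . rawurlencode($token);
}

// Hardened: the Host header is only validated, never copied into the link.
function buildResetLinkHardened(array $server, string $token): string
{
    $host = strtolower((string)($server['HTTP_HOST'] ?? ''));
    // Drop an optional port before comparing against the allowlist.
    $hostOnly = preg_replace('/:\d+$/', '', $host);
    if (!in_array($hostOnly, ALLOWED_HOSTS, true)) {
        throw new RuntimeException('Rejected request: unexpected Host header');
    }
    // The origin comes from configuration, so the header cannot influence it.
    return CANONICAL_ORIGIN . '/reset-password?token=' . rawurlencode($token);
}

// Constructed sample requests (hypothetical hosts).
$token = bin2hex(random_bytes(16));
$requests = [
    'legitimate' => ['HTTP_HOST' => 'cms.example.test'],
    'spoofed'    => ['HTTP_HOST' => 'attacker.example'],
];

foreach ($requests as $label => $server) {
    echo "$label (vulnerable): ", buildResetLinkVulnerable($server, $token), PHP_EOL;
    try {
        echo "$label (hardened):   ", buildResetLinkHardened($server, $token), PHP_EOL;
    } catch (RuntimeException $e) {
        echo "$label (hardened):   ", $e->getMessage(), PHP_EOL;
    }
}
```

With the spoofed header the vulnerable builder emits a link on the supplied host, while the hardened builder refuses the request before any email would be generated.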