SSRF and reflected XSS attacks by calling setup with specific parameters
Impact
SSRF and reflected XSS attacks by calling setup with specific parameters
Patches
Fixed in 2.6.5 and 2.7.5 and later
References
Combodo ref N°3952 & N°3951
Credits
Many thanks to Kirill Seleznev / Kaspersky for this report!
For more information
If you have any questions or comments about this advisory:
Email us at [email protected]