[CVE-2025-11368] LearnPress WordPress LMS Plugin Sensitive Information Disclosure Vulnerability


Volerion

Read more from Volerion

cpp-httplib Untrusted HTTP Header Handling Vulnerability Allowing Header Injection and Authorization Bypass

Volerion Risk Score: 7.3

Why this matters

cpp-httplib versions ≤ 0.26.0 allow attackers to spoof critical metadata headers like REMOTE_ADDR and LOCAL_PORT. Downstream components that rely on these headers for logging, auditing, or IP-based access controls may trust attacker-supplied values, enabling IP spoofing, log poisoning, and unauthorized access to protected resources.

Recommended...

cpp-httplib Untrusted Header Handling Vulnerability Leading to Log Poisoning

Volerion Risk Score: 7.3

Why this matters

cpp-httplib versions 0.26.0 and earlier trust attacker-supplied X-Forwarded-For and X-Real-IP headers without validation. An unauthenticated remote attacker can spoof client IP information, leading to log poisoning that undermines the integrity of audit trails and monitoring.

Recommended actions

Upgrade to cpp-httplib 0.27.0 or later, which disables acceptance of untrusted...

ThinkPHP Remote Code Execution Vulnerability in Template File Inclusion

Volerion Risk Score: 7.9

Why this matters

The template file inclusion mechanism in ThinkPHP 5.0.24 can be abused to load attacker-controlled files containing PHP code. Successful exploitation leads to unauthenticated remote code execution on the web server, granting full control over the application and underlying host.

Recommended actions

Update ThinkPHP to a version that addresses this vulnerability. Implement strict...