CVE-2025-43933

Published July 7th, 2025

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

ghost123gg/fblog

A blog system written in flask that I developed when I study flask

GitHub

131