Nyein Chan Aung
**Reported by:** Nyein Chan Aung (bugdotexe) **Affected Version:** CraftMyCMS 4.0.2.2 **CVE Requested:** Yes --- ## Summary A **Host Header Injection** vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The...
# 🛑 Security Issue: Host Header Injection → Password Reset Link Manipulation → Account Takeover **Severity:** High **Vulnerability Type:** Host Header Injection, Password Reset Link Manipulation, Account Takeover **Affected Component(s):**...
### Is there an existing issue for this? - [x] I have searched the existing issues ### What happened? Hello, my name is Nyein Chan Aung and I am a bug...
# Email confirmation bypass via Host Header Injection **Severity:** High **Repository / Project:** https://github.com/perfood/couch-auth [ couch-auth v0.21.2 Latest ] --- ## Summary A Host header injection in the email confirmation...
# Host header injection — password reset link uses `$_SERVER['HTTP_HOST']` unvalidated **Severity:** High **Component:** Password reset / email generation (`password_reset.php`) **Affected versions:** *Please fill in the exact product name/version(s) tested...