Lightopenid
1 CVEs
product
Monthly
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
SSRF
Lightopenid
NVD
CVSS 3.0
9.8
EPSS
1.5%
EPSS 2%
CVSS 9.8
CRITICAL
Act Now
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
SSRF
Lightopenid
NVD