Skip to main content

Lightopenid

1 CVEs product

Monthly

CVE-2019-11066 CRITICAL Act Now

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SSRF Lightopenid
NVD
CVSS 3.0
9.8
EPSS
1.5%
EPSS 2% CVSS 9.8
CRITICAL Act Now

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SSRF Lightopenid
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy