Low severity3.7NVD Advisory· Published Jan 4, 2017· Updated Jun 17, 2026
CVE-2016-7903
CVE-2016-7903
Description
Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- dotclear.org/blog/post/2016/11/01/Dotclear-2.10.3nvdPatchVendor Advisory
- hg.dotclear.org/dotclear/rev/bb06343f4247nvdPatch
- www.openwall.com/lists/oss-security/2016/10/05/5nvdMailing List
- www.securityfocus.com/bid/93439nvd
News mentions
0No linked articles in our index yet.