VYPR
Low severity3.7NVD Advisory· Published Jan 4, 2017· Updated Jun 17, 2026

CVE-2016-7903

CVE-2016-7903

Description

Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dotclear/Dotclear2 versions
    cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*range: <=2.10.2
    • (no CPE)range: <2.10.3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.