📦 Pilos

by Thm

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-47107

HIGH CVSS 8.8 Nov 8, 2023

CVE-2023-47107 is a host header injection vulnerability in PILOS that allows attackers to manipulate password reset URLs to point to malicious servers, potentially capturing reset tokens. This affects...

CVE-2025-62781

MEDIUM CVSS 5.0 Oct 27, 2025

This vulnerability allows attackers with stolen session tokens to maintain access to PILOS accounts even after users change their passwords. It affects PILOS (Platform for Interactive Live-Online Semi...

CVE-2025-62523

MEDIUM CVSS 6.3 Oct 27, 2025

PILOS before version 4.8.0 has a CORS misconfiguration that reflects the Origin header without validation while allowing credentials. This could theoretically allow malicious websites to make cross-or...

CVE-2025-62524

MEDIUM CVSS 5.3 Oct 27, 2025

PILOS (Platform for Interactive Live-Online Seminars) before version 4.8.0 exposes the PHP version via the X-Powered-By HTTP header, allowing attackers to fingerprint the server and identify potential...