In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by…
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/zjcmqawqH94/detail.php