Описание
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wondercms:wondercms:2.3.1:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.11226
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-74
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
** DISPUTED ** WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack.
EPSS
Процентиль: 93%
0.11226
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-74