Description
Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication.
References
- Exploit
- Product
- Product
- Exploit
- Third Party Advisory
- Exploit
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:beehiveforum:beehive_forum:1.5.2:*:*:*:*:*:*:*
EPSS
Percentile: 51%
0.00279
Low
9.8 Critical
CVSS3
Weaknesses
CWE-640
Related vulnerabilities
CVSS3: 7.5
github
25 days ago
Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication.