id: CVE-2021-38751

info:
  name: ExponentCMS <= 2.6 - Host Header Injection
  author: dwisiswant0
  severity: medium
  description: An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.
  impact: |
    An attacker can manipulate the Host header to perform various attacks, including phishing, session hijacking, and cache poisoning.
  remediation: |
    Upgrade ExponentCMS to a version higher than 2.6 or apply the provided patch to fix the Host Header Injection vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-38751
    - https://github.com/exponentcms/exponent-cms/issues/1544
    - https://github.com/exponentcms/exponent-cms/blob/a9fa9358c5e8dc2ce7ad61d7d5bea38505b8515c/exponent_constants.php#L56-L64
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
    cvss-score: 4.3
    cve-id: CVE-2021-38751
    cwe-id: CWE-116
    epss-score: 0.0012
    epss-percentile: 0.46178
    cpe: cpe:2.3:a:exponentcms:exponentcms:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: exponentcms
    product: exponentcms
  tags: cve2021,cve,exponentcms

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    headers:
      Host: '{{randstr}}.tld'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{randstr}}.tld'
          - 'EXPONENT.PATH'
          - 'EXPONENT.URL'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502200c9de711b9786c049f73c15b0223611bef7cb5071f7c90fffa3216428df1c0cf022100d0de84a185ff234412a326bd15ec0e53cda0c64981c4d4c3eb436f7698cb3dd3:922c64590222798bb761d5b6d8e72950