From 8fa76f68f69d1d04559692eba51d2f738cc98d70 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Tue, 17 Aug 2021 02:18:49 +0700 Subject: [PATCH] Add CVE-2021-38751 --- cves/2021/CVE-2021-38751.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cves/2021/CVE-2021-38751.yaml diff --git a/cves/2021/CVE-2021-38751.yaml b/cves/2021/CVE-2021-38751.yaml new file mode 100644 index 0000000000..abba46bdb9 --- /dev/null +++ b/cves/2021/CVE-2021-38751.yaml @@ -0,0 +1,27 @@ +id: CVE-2021-38751 + +info: + name: ExponentCMS <= 2.6 Host Header Injection + author: dwisiswant0 + severity: medium + description: | + A HTTP Host header attack exists in ExponentCMS 2.6 + and below in /exponent_constants.php. A modified HTTP + header can change links on the webpage to an arbitrary value, + leading to a possible attack vector for MITM. + reference: | + - https://github.com/exponentcms/exponent-cms/issues/1544 + - https://github.com/exponentcms/exponent-cms/blob/a9fa9358c5e8dc2ce7ad61d7d5bea38505b8515c/exponent_constants.php#L56-L64 + tags: cve,cve2021,exponentcms + +requests: + - method: GET + path: + - "{{BaseURL}}/" + headers: + Host: "{{interactsh-url}}" + matchers: + - type: word + words: + - "{{interactsh-url}}" + part: body