Add CVE-2021-38751

cves/2021/CVE-2021-38751.yaml

@@ -0,0 +1,27 @@
+id: CVE-2021-38751
+
+info:
+  name: ExponentCMS <= 2.6 Host Header Injection
+  author: dwisiswant0
+  severity: medium
+  description: |
+    A HTTP Host header attack exists in ExponentCMS 2.6
+    and below in /exponent_constants.php. A modified HTTP
+    header can change links on the webpage to an arbitrary value,
+    leading to a possible attack vector for MITM.
+  reference: |
+    - https://github.com/exponentcms/exponent-cms/issues/1544
+    - https://github.com/exponentcms/exponent-cms/blob/a9fa9358c5e8dc2ce7ad61d7d5bea38505b8515c/exponent_constants.php#L56-L64
+  tags: cve,cve2021,exponentcms
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+    headers:
+      Host: "{{interactsh-url}}"
+    matchers:
+      - type: word
+        words:
+          - "{{interactsh-url}}"
+        part: body