Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrNoobexploiterhuntrdevA7E40FDF-A333-4A50-8A53-D11B16CE3EC2
HistoryMar 11, 2022 - 4:05 p.m.

Host Header injection in password Reset

2022-03-1116:05:20
noobexploiterhuntrdev
www.huntr.dev
26

0.002 Low

EPSS

Percentile

56.6%

JSON

Description

The password reset uses $_SERVER[‘HTTP_HOST’] to generate the password without any checks or filtering. Allowing a malicious attacker to generate a fake password reset link to steal password reset tokens which may lead to account takeover

Impact

Account Takeover

Related

cvelist 1
nvd 1
prion 1
osv 2
cnvd 1
cve 1
veracode 1
cvelist
cvelist
CVE-2022-0935 Host Header injection in password Reset in livehelperchat/livehelperchat
2022-04-07 18:21:42
nvd
nvd
CVE-2022-0935
2022-04-07 19:15:08
prion
prion
Design/Logic Flaw
2022-04-07 19:15:00
osv
osv
BIT-livehelperchat-2022-0935
2024-03-06 10:56:15
CVE-2022-0935
2022-04-07 19:15:08
cnvd
cnvd
An unspecified vulnerability exists in livehelperchat (CNVD-2022-55057)
2022-04-11 00:00:00
cve
cve
CVE-2022-0935
2022-04-07 19:15:08
veracode
veracode
Host Header Injection
2022-04-08 07:54:44

0.002 Low

EPSS

Percentile

56.6%

JSON
Related for A7E40FDF-A333-4A50-8A53-D11B16CE3EC2
cvelist1nvd1prion1osv2cnvd1cve1veracode1