Vulners
Lucene search
ExponentCMS <= 2.6 - Host Header Injection
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | The vulnerability of the ExponentCMS content management system lies in the lack of mechanisms for encoding or shielding output data, allowing attackers to compromise the integrity of the protected information. | 10 Sep 202100:00 | – | bdu_fstec |
 | CVE-2021-38751 | 16 Aug 202118:15 | – | circl |
 | ExponentCMS安全漏洞 | 16 Aug 202100:00 | – | cnnvd |
 | ExponentCMS has an unspecified vulnerability | 18 Aug 202100:00 | – | cnvd |
 | CVE-2021-38751 | 16 Aug 202113:53 | – | cve |
 | CVE-2021-38751 | 16 Aug 202113:53 | – | cvelist |
 | CVE-2021-38751 | 16 Aug 202114:15 | – | nvd |
 | Hardcoded credentials | 16 Aug 202114:15 | – | prion |
 | CVE-2021-38751 | 22 May 202520:10 | – | redhatcve |
id: CVE-2021-38751
info:
name: ExponentCMS <= 2.6 - Host Header Injection
author: dwisiswant0
severity: medium
description: An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM.
impact: |
An attacker can manipulate the Host header to perform various attacks, including phishing, session hijacking, and cache poisoning.
remediation: |
Upgrade ExponentCMS to a version higher than 2.6 or apply the provided patch to fix the Host Header Injection vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-38751
- https://github.com/exponentcms/exponent-cms/issues/1544
- https://github.com/exponentcms/exponent-cms/blob/a9fa9358c5e8dc2ce7ad61d7d5bea38505b8515c/exponent_constants.php#L56-L64
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss-score: 4.3
cve-id: CVE-2021-38751
cwe-id: CWE-116
epss-score: 0.02468
epss-percentile: 0.82478
cpe: cpe:2.3:a:exponentcms:exponentcms:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: exponentcms
product: exponentcms
tags: cve2021,cve,exponentcms,vuln
http:
- method: GET
path:
- "{{BaseURL}}"
headers:
Host: '{{randstr}}.tld'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '{{randstr}}.tld'
- 'EXPONENT.PATH'
- 'EXPONENT.URL'
condition: and
- type: status
status:
- 200
# digest: 490a0046304402204127a277cfe1b00792bc2eec20c38de7701b944501607e8c2f83e5661badb6c90220248d41e3c6d39ab47fcd3e3572bc26d3e0b0e072ff55a8a26fba566184f89952:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.14.3
CVSS 24.3
EPSS0.02468