CVE-2021-38290

2021-08-0911:15:07

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.7%

JSON

A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.

CPENameOperatorVersion
fuel-cmseq1.0.4
fuel-cmseq1.0.2
fuel-cmseq1.0.1
fuel-cmseq1.4.10
fuel-cmseq1.4.11
fuel-cmseq0.9.2
fuel-cmseq1.3.2
fuel-cmseq1.2.1
fuel-cmseq1.4.9
fuel-cmseq1.0.3

Name	Operator	Version
fuel-cms	eq	1.0.4
fuel-cms	eq	1.0.2
fuel-cms	eq	1.0.1
fuel-cms	eq	1.4.10
fuel-cms	eq	1.4.11
fuel-cms	eq	0.9.2
fuel-cms	eq	1.3.2
fuel-cms	eq	1.2.1
fuel-cms	eq	1.4.9
fuel-cms	eq	1.0.3