8 matches found
CVE-2021-38751
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...
CVE-2022-31109 HTTP Host Header Attack Vulnerability in laminas-diactoros
laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...
GHSA-C8RP-CGF4-937W mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack
Impact mezzio-swoole applications using Diactoros for their PSR-7 implementation, and which are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request...
GHSA-8274-H5JP-97VR Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack
Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.
Description Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from...
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.
Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...
CVE-2021-38751
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...
CVE-2021-38751
CVE-2021-38751 describes a host header injection in ExponentCMS 2.6 and earlier, exploitable via the file /exponent_constants.php. A crafted HTTP Host header can cause links on the page to be rewritten to arbitrary values, creating a potential MITM attack vector. The publicly referenced sources (...