CVE-2022-33011
Published 2022-07-08

Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.

Priority P3 · 41 · high · 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS 1.21% (64.7th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| idno | known | 0 – 1.3.1 | — |
| withknown | known | <= 1.3.1 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
OSV
osv · 2022-07-09
CVE-2022-33011 [HIGH] Known vulnerable to account takeover via host header injection attack in v1.3.1

Known v1.3.1 was discovered to allow attackers to perform an account takeover via a host header injection attack.

The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the `dev` branch of the idno/known repository.
GHSA
ghsa · 2022-07-09
CVE-2022-33011 [HIGH] CWE-74 Known vulnerable to account takeover via host header injection attack in v1.3.1

Known v1.3.1 was discovered to allow attackers to perform an account takeover via a host header injection attack.

The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the `dev` branch of the idno/known repository.
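The bug class behind this CVE, shown as an added illustration that is not code from the Known project or from either advisory: a password-reset link assembled from the client-supplied Host (or X-Forwarded-Host) header, which is what makes password-reset poisoning possible, beside a hardened builder that takes the origin only from configuration and refuses requests whose Host is not on an allowlist, plus a check over constructed access-log lines for reset requests carrying a foreign Host. The `/account/reset` path, the `known.example` host names, the log format and the configuration constants are assumptions for the example, not Known's real endpoints or settings.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumed deployment configuration (example values, not Known's settings).
# A real CMS reads these from its config rather than from constants.
CANONICAL_HOST = "known.example"
ALLOWED_HOSTS = frozenset({"known.example", "www.known.example"})
RESET_PATH = "/account/reset"  # hypothetical reset endpoint for the example


@dataclass
class Request:
    """Minimal stand-in for an inbound HTTP request."""
    path: str
    headers: dict = field(default_factory=dict)
    scheme: str = "https"

    def header(self, name: str, default: str = "") -> str:
        # Header names are case-insensitive; look up accordingly.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return default


def reset_link_vulnerable(req: Request, token: str) -> str:
    """Rebuilds the site's own URL from client-controlled headers.

    Whoever submits the reset request picks the host that lands in the
    victim's e-mail; the victim's click then leaks the token to that host.
    """
    host = req.header("X-Forwarded-Host") or req.header("Host")
    return f"{req.scheme}://{host}{RESET_PATH}?token={token}"


def host_is_allowed(host: str, allowed=ALLOWED_HOSTS) -> bool:
    """Exact, case-insensitive match of the host name against an allowlist.

    Drops an optional port and any userinfo, and never prefix- or
    suffix-matches, so 'known.example.attacker.tld' is rejected.
    """
    if not host:
        return False
    try:
        # A leading '//' makes urlsplit treat the value as a netloc.
        name = urlsplit(f"//{host}").hostname or ""
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    return name.lower() in allowed


def reset_link_hardened(req: Request, token: str) -> str:
    """Never derives the origin from the request; uses configuration only.

    The Host check is defence in depth: a request for one of our pages
    that arrives with a foreign Host header is refused, not rewritten.
    """
    if not host_is_allowed(req.header("Host")):
        raise ValueError("Host header not in allowlist")
    return f"https://{CANONICAL_HOST}{RESET_PATH}?token={token}"


# Constructed access-log lines for the detection check. The format assumed
# here is common-log style with the Host header as a trailing quoted field.
CONSTRUCTED_LOG = [
    '203.0.113.5 - - [08/Jul/2022:10:00:01 +0000] "POST /account/reset HTTP/1.1" 302 0 "known.example"',
    '198.51.100.9 - - [08/Jul/2022:10:00:07 +0000] "POST /account/reset HTTP/1.1" 302 0 "attacker.tld"',
    '198.51.100.9 - - [08/Jul/2022:10:00:09 +0000] "GET / HTTP/1.1" 200 512 "attacker.tld"',
]

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<host>[^"]*)"$'
)


def flag_reset_requests_with_foreign_host(lines, allowed=ALLOWED_HOSTS):
    """Return (client_ip, host, path) for reset-endpoint hits whose Host is foreign.

    Only the reset endpoint is flagged: a stray Host on other pages is noise,
    but on the reset endpoint it is the precondition for poisoning.
    """
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # unparseable line; a real pipeline would count these
        path = match["path"].split("?", 1)[0]
        if path == RESET_PATH and not host_is_allowed(match["host"], allowed):
            hits.append((match["ip"], match["host"], path))
    return hits


if __name__ == "__main__":
    poisoned = Request(RESET_PATH, {"Host": "known.example", "X-Forwarded-Host": "attacker.tld"})
    print("vulnerable:", reset_link_vulnerable(poisoned, "t0k"))
    print("hardened:  ", reset_link_hardened(poisoned, "t0k"))
    print("log hits:  ", flag_reset_requests_with_foreign_host(CONSTRUCTED_LOG))
```

The hardened builder deliberately ignores X-Forwarded-Host as well as Host: when the application sits behind a reverse proxy, the proxy should be configured to overwrite those headers, and the application should still not trust them for anything that ends up in an e-mail.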
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/
https://github.com/idno/known
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning
https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/
Published 2022-07-08