CVE-2023-38877
published 2023-09-28


Severity: high
CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.88% (54.6th percentile)
A Host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). The application builds the password reset link from the Host header of the incoming request. By sending a specially crafted Host header in the reset password request, an attacker can cause the reset email sent to a victim to contain a link pointing at an attacker-controlled server; once the victim clicks it, the password reset token is leaked to the attacker, who can then use it to reset the victim's password.
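The pattern behind this CVE, shown as an added example (this is not Economizzer's code; the route names, request shape, configuration values and token are assumed). The vulnerable function builds the reset link from whatever Host header the client sent, so a crafted request for a victim's email yields an email whose link points at the attacker. The hardened version validates the Host header against an allowlist and builds the link from configured base URL, never from the request. Sample requests are constructed inline.

```python
"""Host header injection in a password-reset flow (the bug class of
CVE-2023-38877), as an illustrative example. Not Economizzer's source:
paths, hostnames, config values and the token are assumptions."""
import secrets
from urllib.parse import urlsplit

# Assumed deployment configuration for the hardened version.
CONFIGURED_BASE_URL = "https://economizzer.example"
TRUSTED_HOSTS = {"economizzer.example", "www.economizzer.example"}

# Constructed sample requests. The attacker submits the victim's email
# with a Host header that points at a server the attacker controls.
ATTACKER_REQUEST = {
    "method": "POST",
    "path": "/site/request-password-reset",
    "headers": {"Host": "attacker.example",
                "Content-Type": "application/x-www-form-urlencoded"},
    "body": {"email": "victim@example.com"},
}
# A legitimate request, including an explicit port, which the allowlist
# check must tolerate.
LEGIT_REQUEST = {
    "method": "POST",
    "path": "/site/request-password-reset",
    "headers": {"Host": "Economizzer.example:443",
                "Content-Type": "application/x-www-form-urlencoded"},
    "body": {"email": "victim@example.com"},
}


def new_reset_token() -> str:
    """Unguessable reset token; the link is only as secret as this value."""
    return secrets.token_urlsafe(32)


def vulnerable_reset_link(request: dict, token: str) -> str:
    """Vulnerable pattern: the scheme/host of the link come straight from
    the request's Host header, so the client chooses where the token goes."""
    host = request["headers"]["Host"]
    return f"https://{host}/site/reset-password?token={token}"


def request_hostname(request: dict) -> str:
    """Bare, lower-cased hostname from the Host header (port stripped)."""
    host = request["headers"].get("Host", "")
    return urlsplit("//" + host).hostname or ""


def hardened_reset_link(request: dict, token: str,
                        base_url: str = CONFIGURED_BASE_URL,
                        trusted: set = TRUSTED_HOSTS) -> str:
    """Hardened pattern: reject requests whose Host is not allowlisted, and
    build the link from server-side configuration only."""
    hostname = request_hostname(request)
    if hostname not in trusted:
        raise ValueError(f"untrusted Host header: {request['headers'].get('Host')!r}")
    return f"{base_url}/site/reset-password?token={token}"


def link_leaks_token(link: str, trusted: set = TRUSTED_HOSTS) -> bool:
    """True if the reset link would deliver its token to a host outside the
    allowlist; a quick check to run against links the app generates."""
    return (urlsplit(link).hostname or "") not in trusted


if __name__ == "__main__":
    token = new_reset_token()
    bad = vulnerable_reset_link(ATTACKER_REQUEST, token)
    print("vulnerable link:", bad, "leaks:", link_leaks_token(bad))
    try:
        hardened_reset_link(ATTACKER_REQUEST, token)
    except ValueError as exc:
        print("hardened version rejected request:", exc)
    good = hardened_reset_link(LEGIT_REQUEST, token)
    print("hardened link:", good, "leaks:", link_leaks_token(good))
```

To check a deployment for this class of bug, request a password reset for an account you control with the Host header rewritten to a host you own (the web server must also be configured to accept or default to that name); if the link in the resulting email points at your host, the application trusts the header. The allowlist check belongs at the web-server or framework layer as well as in the application, since any code path that derives absolute URLs from the request is affected, not only the reset mail.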

Affected (3 ranges)

Vendor       Product      Version range    Fixed in
economizzer  economizzer
economizzer  economizzer
gugoan       economizzer  0 – 0.9-beta1