There is a Host header injection vulnerability in Feehi CMS 2.1.1. An attacker may exploit this by sending a crafted request to the targeted user. This can be exploited by crafting a malicious email that may force the user to reset their credentials. If a user has their password reset, an attacker may then access the account and execute arbitrary code on the user’s system. An attacker may also spoof a particular header via a malicious request.

In order to exploit this vulnerability, the attacker must be able to send a crafted request to the targeted user. This may be possible if the user has their credentials accessible by the attacker.

Vulnerability overview

A Host header injection vulnerability was found in Feehi CMS 2.1.1. An attacker may exploit this by sending a crafted request to the targeted user. This can be exploited by crafting a malicious email that may force the user to reset their credentials. If a user has their password reset, an attacker may then access the account and execute arbitrary code on the user’s system. An attacker may also spoof a particular header via a malicious request.
An attacker must have credentials for the targeted user's account, or be able to send them a crafted request, to exploit this vulnerability.

Vulnerable versions

CVE-2022-38796 affects Feehi CMS versions 2.1.1 and prior.

Vulnerability Discovery

The vulnerability was found through fuzzing of the target application. Two different issues combine to form this vulnerability:
1) An attacker may craft a malicious email that will force the targeted user to reset their credentials. If a user has their password reset, an attacker may then access the account and execute arbitrary code on the system.
2) An attacker may spoof a particular header via a malicious request and exploit this vulnerability by sending a crafted request to the targeted user.
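
The defensive side of the two points above, as an added example (not Feehi CMS code): it assumes the password-reset email link is built from the request's Host header, and contrasts that with validating the header against an allowlist and building the link from a configured origin. All names, hosts, the route and the token are constructed for illustration.

```python
from urllib.parse import urlencode

# Constructed values; in a real deployment these come from server-side configuration.
CANONICAL_ORIGIN = "https://cms.example.test"
ALLOWED_HOSTS = {"cms.example.test", "www.cms.example.test"}
RESET_PATH = "/reset-password"  # hypothetical route


def reset_link_vulnerable(headers, token):
    """Before: the emailed link's host is whatever the client sent as Host."""
    return f"https://{headers.get('Host', '')}{RESET_PATH}?{urlencode({'token': token})}"


def normalize_host(raw):
    """Lower-case, drop an optional :port and a trailing dot (DNS names only)."""
    host, _, port = raw.strip().lower().partition(":")
    if port and not port.isdigit():
        return ""  # malformed authority, never matches the allowlist
    return host.rstrip(".")


def host_is_allowed(headers):
    """Host must be listed; a forwarded-host override, if present, must be too."""
    if normalize_host(headers.get("Host", "")) not in ALLOWED_HOSTS:
        return False
    forwarded = headers.get("X-Forwarded-Host")
    return forwarded is None or normalize_host(forwarded) in ALLOWED_HOSTS


def reset_link_hardened(headers, token):
    """After: refuse unexpected hosts and build the link from configuration only."""
    if not host_is_allowed(headers):
        raise ValueError("unexpected Host header")
    return f"{CANONICAL_ORIGIN}{RESET_PATH}?{urlencode({'token': token})}"


if __name__ == "__main__":
    spoofed = {"Host": "attacker.example"}          # constructed request headers
    genuine = {"Host": "cms.example.test:443"}
    print(reset_link_vulnerable(spoofed, "T0KEN"))   # link points at the spoofed host
    print(reset_link_hardened(genuine, "T0KEN"))     # link always uses CANONICAL_ORIGIN
    try:
        reset_link_hardened(spoofed, "T0KEN")
    except ValueError as exc:
        print("rejected:", exc)
```

The header dictionary here uses exact-case keys; a real framework normalizes header names before this check runs.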

Timeline

Published on: 09/14/2022 15:15:00 UTC
Last modified on: 09/16/2022 19:19:00 UTC

References