HTTP Host Header Injection in WonderCMS by WonderCMS
CVE-2017-14523

7.5HIGH

Key Information:

Vendor: Wondercms
Status: Wondercms
Vendor: CVE Published:; 26 January 2018

What is CVE-2017-14523?

WonderCMS version 2.3.1 is susceptible to an HTTP Host header injection vulnerability. This issue arises from the application's reliance on user-provided input for page redirections, allowing for possible manipulation of HTTP requests. While the vendor suggests that successful exploitation is unlikely due to the requirement for an attacking entity to operate from the local machine or as a self-attack by the administrator, the vulnerability poses risks if left unaddressed.

References

https://securitywarrior9.blogspot.in/2018/01/host-header-...

x_refsource_MISC

https://www.exploit-db.com/exploits/43964/

exploitx_refsource_EXPLOIT-DB

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2018
Vulnerability Reserved
Sep 17, 2017

Wondercms

What is CVE-2017-14523?

References

EPSS Score

CVSS V3.1

Timeline