Host Header Attack Vulnerability in FUEL CMS by Daylight Studio
CVE-2021-38290

8.1HIGH

Key Information:

Vendor: Thedaylightstudio
Status: Fuel Cms
Vendor: CVE Published:; 9 August 2021

🔔 Create Thedaylightstudio Vulnerability Alert

What is CVE-2021-38290?

A vulnerability exists in FUEL CMS 1.5.0 that allows attackers to exploit host header attacks through specific files in the framework, potentially leading to man-in-the-middle attacks. This can happen during instances where an attacker manipulates the host header to redirect users inadvertently, enhancing the risk of phishing and compromising data integrity. It is crucial for users and administrators to be aware of this issue and apply appropriate security measures.

References

https://github.com/daylightstudio/FUEL-CMS/issues/580

x_refsource_MISC

https://github.com/daylightstudio/FUEL-CMS/commit/8a0d88a...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 9, 2021
Vulnerability Reserved
Aug 9, 2021

CVE-2021-38290 Data

JSON