References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

https://github.com/e107inc/e107/security/advisories/GHSA-7pmw-jwvr-cq2x

e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4.

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-20

CWE-807

https://github.com/e107inc/e107/commit/04511f9f1d6e97c31ba7cc5bf7f1f9a19d221db6

https://github.com/e107inc/e107/commit/b0dee8234e273debbf7a8ae054de464f1008f357

https://github.com/e107inc/e107/commit/c4f9f71b0fd695545d0f09e2277b6f70ff4660fc

https://github.com/e107inc/e107/security/advisories/GHSA-7pmw-jwvr-cq2x