CVE-2022-33011

HIGH
Published Jul 8, 2022 (3y ago) · Modified Jun 17, 2026 (2w ago)
8.8 CVSS 3.1

Description

Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.

CVSS Details

Base Score: 8.8
Exploitability: 2.8
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-74

Affected Products 1

Vendor | Product | Version | Range
withknown | known | * | ≤1.3.1

References 4

  • blog.jitendrapatro.me https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/
    Exploit, Third Party Advisory
  • github.com https://github.com/idno/known
    Product, Third Party Advisory
  • github.com https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning
    Exploit, Third Party Advisory
  • pethuraj.com https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.