CVE-2022-33011
HIGH
Published Jul 8, 2022 3y ago · Modified Jun 17, 2026 2w ago
8.8 CVSS 3.1
Description
Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-74
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| withknown | known | * | ≤1.3.1 |
References 4
- blog.jitendrapatro.me https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/
- github.com https://github.com/idno/known
- github.com https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning
- pethuraj.com https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.