Vulnerability Details : CVE-2023-36085
Public exploit exists!
The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.
Vulnerability category: Open redirectBypass
Products affected by CVE-2023-36085
- Sisqualwfm » Sisqualwfm » For AndroidVersions from including (>=) 7.1.319.103 and before (<) 7.1.319.111cpe:2.3:a:sisqualwfm:sisqualwfm:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-36085
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-36085
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2023-36085
-
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-36085
-
http://packetstormsecurity.com/files/176991/SISQUAL-WFM-7.1.319.103-Host-Header-Injection.html
SISQUAL WFM 7.1.319.103 Host Header Injection ≈ Packet Storm
-
https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085
Handmade_Exploits/SISQUALWFM-Host-Header-Injection-CVE-2023-36085 at main · omershaik0/Handmade_Exploits · GitHubExploit;Third Party Advisory
Jump to