CraftMyCMS Host Header Injection Vulnerability in Password Reset Functionality

Vulnerability

A Host Header Injection vulnerability has been identified in CraftMyCMS version 4.0.2.2, specifically within the password reset feature. The vulnerability arises because the application directly uses the Host header from the server variables to create password reset links sent via email. This allows attackers to manipulate the Host header and craft malicious reset links, potentially leading to phishing attacks or account takeover.

Impact

Exploitation of this vulnerability could result in phishing attacks, interception of password reset tokens, and unauthorized account access by redirecting victims to attacker-controlled domains.

Reproduction

To reproduce this vulnerability, send a POST request to the password reset endpoint, including a malicious Host header. The application then uses that header value when it builds the reset link, so the harmful link is injected into the password reset process.
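The pattern this advisory describes, next to one way to fix it. This is an added example, not CraftMyCMS code: the function names, the `/reset?token=` path, the `cms.example.test` hostnames and the configuration constants are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical settings; the real CraftMyCMS configuration is not shown in the advisory.
const CANONICAL_BASE_URL = 'https://cms.example.test';
const ALLOWED_HOSTS = ['cms.example.test', 'www.cms.example.test'];

// Vulnerable pattern: the host part of the link is whatever the client sent.
function buildResetLinkUnsafe(array $server, string $token): string
{
    return 'https://' . $server['HTTP_HOST'] . '/reset?token=' . rawurlencode($token);
}

// Hardened: the host comes from server-side configuration, never from the request.
function buildResetLinkSafe(string $token): string
{
    return CANONICAL_BASE_URL . '/reset?token=' . rawurlencode($token);
}

// Defence in depth: refuse to process requests whose Host is not an expected name.
function isHostAllowed(array $server): bool
{
    if (!isset($server['HTTP_HOST']) || !is_string($server['HTTP_HOST'])) {
        return false;
    }
    // Normalise case and drop an optional ":port" suffix before comparing.
    $host = explode(':', strtolower(trim($server['HTTP_HOST'])), 2)[0];
    return in_array($host, ALLOWED_HOSTS, true);
}

// Constructed sample requests (not captured traffic).
$requests = [
    'expected'   => ['HTTP_HOST' => 'cms.example.test:443'],
    'unexpected' => ['HTTP_HOST' => 'other.example'],
];
$token = bin2hex(random_bytes(16));

foreach ($requests as $label => $server) {
    printf("%-10s unsafe link: %s\n", $label, buildResetLinkUnsafe($server, $token));
    printf("%-10s safe link:   %s\n", $label, buildResetLinkSafe($token));
    printf("%-10s host allowed: %s\n", $label, isHostAllowed($server) ? 'yes' : 'no');
}
```

The same allowlist can also be enforced in front of the application by configuring the web server to answer only for its known virtual host names.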

Added: Oct 16, 2025, 3:17 PM
Updated: Oct 16, 2025, 7:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 8.7
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.