Vulnerability CVE-2023-36085


Published: 2023-10-25

Description:
The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.

See advisories in our WLB2 database:
Topic
Author
Date
Low
SISQUAL WFM 7.1.319.103 Host Header Injection
Omer Shaik
06.02.2024

 References:
https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085

Copyright 2024, cxsecurity.com

 

Back to Top