High severityNVD Advisory· Published Sep 28, 2023· Updated Sep 23, 2024
CVE-2023-38877
CVE-2023-38877
Description
A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gugoan/economizzerPackagist | <= 0.9-beta1 | — |
Affected products
2- gugoan/Economizzerdescription
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.