Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-0935. PoCs published by tomorroisnew.
Description
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
Exploits (1)
github
NO CODE
2 stars
by tomorroisnew · poc
https://github.com/tomorroisnew/CVE/tree/main/CVE-2022-0935
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/a7e40fdf-a333-4a50-8a53-d11b16ce3ec2
Patch, Third Party Advisory x_refsource_misc
https://github.com/livehelperchat/livehelperchat/commit/ce96791cb4c7420266b668fc234c211914259ba7
Scores
CVSS v3
8.8
EPSS
0.0128
EPSS Percentile
66.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-840
CWE-116
Status
published
Products (1)
livehelperchat/live_helper_chat
< 3.97
Published
Apr 07, 2022
Tracked Since
Feb 18, 2026