Description
Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.
References (4)
Core References
Product, Third Party Advisory x_refsource_misc
https://github.com/idno/known
Exploit, Third Party Advisory x_refsource_misc
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning
Third Party Advisory x_refsource_misc
https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/
Exploit, Third Party Advisory x_refsource_misc
https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/
Scores
CVSS v3: 8.8
EPSS: 0.0121
EPSS Percentile: 64.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-74
Status: published
Products (2)
idno/known
0Packagist
withknown/known
< 1.3.1
Published: Jul 08, 2022
Tracked Since: Feb 18, 2026