CVE-2022-50910

CRITICAL

Beehive Forum 1.5.2 - Host Header Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50910. PoCs published by Pablo Santiago.

AI-analyzed exploit summary: This exploit demonstrates an account takeover vulnerability in Beehive Forum 1.5.2 by manipulating the 'Host' header in the password reset functionality to steal tokens and reset passwords. It requires user interaction and involves setting up a listener to capture the token.

Description

Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication.

Exploits (1)

exploitdb · WORKING POC
by Pablo Santiago · python · webapps · php
https://www.exploit-db.com/exploits/50923

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Beehive Forum 1.5.2
No auth needed
Prerequisites: Network access to the target · Victim interaction to click a malicious link
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.0065
EPSS Percentile: 46.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-640
Status: published
Products (1): beehiveforum/beehive_forum 1.5.2
Published: Jan 13, 2026
Tracked Since: Feb 18, 2026