CVE-2023-36085

MEDIUM

SisqualWFM 7.1.319.103-7.1.319.111 - SSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-36085. PoCs published by omershaik0.

AI-analyzed exploit summary: This repository provides a detailed writeup and proof-of-concept for CVE-2023-36085, a host header injection vulnerability in SISQUALWFM version 7.1.319.103. The vulnerability allows an attacker to manipulate webpage links or redirect users to a malicious site by tampering with the host header in requests to the `/sisqualIdentityServer/core` endpoint.

Description

sisqualWFM 7.1.319.103 through 7.1.319.111 for Android has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.

Exploits (1)

nomisec WRITEUP
by omershaik0 · poc
https://github.com/omershaik0/CVE-2023-36085_SISQUALWFM-Host-Header-Injection

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: SISQUALWFM 7.1.319.103
No auth needed
Prerequisites: Access to the target application · Ability to intercept and modify HTTP requests
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 6.1
EPSS: 0.0051
EPSS Percentile: 39.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-601
Status: published
Products (1): sisqualwfm/sisqualwfm 7.1.319.103 - 7.1.319.111
Published: Oct 25, 2023
Tracked Since: Feb 18, 2026