Piyushthepal

**Name of the Vulnerable Software and Affected Versions** e107 versions prior to 2.3.4 **Description** e107 is a content management system (CMS). A Host Header Injection in the password reset page allows attackers to manipulate the `Host` header to generate password reset links that point to domains controlled by the attacker. This can lead to account takeover or phishing attacks. **Recommendations** Update to version 2.3.4.