Feehicms · Feehicms · CVE-2022-38796
**Name of the Vulnerable Software and Affected Versions**
Feehi CMS version 2.1.1
**Description**
A Host Header Injection issue may allow an attacker to spoof a particular header, which can potentially be exploited by abusing password reset emails.
**Recommendations**
For Feehi CMS version 2.1.1, consider restricting access to password reset functionality until a patch is available.
As a temporary workaround, avoid using the password reset feature to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.