CVE-2017-14523

Name of the Vulnerable Software and Affected Versions: WonderCMS version 2.3.1

Description: The issue allows for an HTTP Host header injection attack. It utilizes user-entered values to redirect pages. The vendor notes that exploitation is unlikely since the attack can only originate from a local machine or from the administrator as a self-attack.

Recommendations: For WonderCMS version 2.3.1, consider restricting the use of user-entered values in page redirects until a fix is available. As a temporary workaround, limit the ability to modify redirect pages to authorized personnel only.