CVE-2023-36085 Information

Description

The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android has a host header injection vulnerability in its /sisqualIdentityServer/core/\ endpoint. By modifying the HTTP Host header an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks malware distribution and unauthorized access to sensitive resources.

Reference

https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085