Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication.
References
| Link | Resource |
|---|---|
| https://imgur.com/a/hVlgpCg | Exploit |
| https://sourceforge.net/projects/beehiveforum/ | Product |
| https://www.beehiveforum.co.uk/ | Product |
| https://www.exploit-db.com/exploits/50923 | Exploit |
| https://www.vulncheck.com/advisories/beehive-forum-account-takeover | Third Party Advisory |
| https://www.exploit-db.com/exploits/50923 | Exploit |
| https://www.vulncheck.com/advisories/beehive-forum-account-takeover | Third Party Advisory |
Configurations
History
28 Jan 2026, 19:51
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://imgur.com/a/hVlgpCg - Exploit | |
| References | () https://sourceforge.net/projects/beehiveforum/ - Product | |
| References | () https://www.beehiveforum.co.uk/ - Product | |
| References | () https://www.exploit-db.com/exploits/50923 - Exploit | |
| References | () https://www.vulncheck.com/advisories/beehive-forum-account-takeover - Third Party Advisory | |
| CPE | cpe:2.3:a:beehiveforum:beehive_forum:1.5.2:*:*:*:*:*:*:* | |
| First Time |
Beehiveforum
Beehiveforum beehive Forum |
14 Jan 2026, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.exploit-db.com/exploits/50923 - | |
| References | () https://www.vulncheck.com/advisories/beehive-forum-account-takeover - |
13 Jan 2026, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-13 23:15
Updated : 2026-01-28 19:51
NVD link : CVE-2022-50910
Mitre link : CVE-2022-50910
CVE.ORG link : CVE-2022-50910
JSON object : View
Products Affected
beehiveforum
- beehive_forum
CWE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password