๐Ÿ” CVE Alert

CVE-2022-50910

CRITICAL 9.8

Beehive Forum - Account Takeover

CVSS Score: 9.8
EPSS Score: 0.0%
EPSS Percentile: 0th

Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication.

CWE: CWE-640
Vendor: beehive forum
Product: beehive forum
Published: Jan 13, 2026
Last Updated: Mar 5, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

Beehive Forum / Beehive Forum 1.5.2

References

exploit-db.com: https://www.exploit-db.com/exploits/50923
beehiveforum.co.uk: https://www.beehiveforum.co.uk/
sourceforge.net: https://sourceforge.net/projects/beehiveforum/
imgur.com: https://imgur.com/a/hVlgpCg
vulncheck.com: https://www.vulncheck.com/advisories/beehive-forum-account-takeover

Credits

Pablo Santiago