CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-24044

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.541

EPSS Ranking 97.9%

CVSS Severity

CVSS v3 Score 6.1

References

https://gist.github.com/TJetnipat/02b3854543b7ec95d54a8de811f2e8ae
https://medium.com/%40jetnipat.tho/cve-2023-24044-10e48ab940d8
https://support.plesk.com/hc/en-us/articles/10254625170322-Vulnerability-CVE-2023-24044
https://gist.github.com/TJetnipat/02b3854543b7ec95d54a8de811f2e8ae
https://medium.com/%40jetnipat.tho/cve-2023-24044-10e48ab940d8
https://support.plesk.com/hc/en-us/articles/10254625170322-Vulnerability-CVE-2023-24044

Products affected by CVE-2023-24044

Plesk » Obsidian » Version: N/A

cpe:2.3:a:plesk:obsidian:-
Plesk » Obsidian » Version: 18.0.17

cpe:2.3:a:plesk:obsidian:18.0.17

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-24044

Products

Pricing

Contact Us