CVE-2021-43437 — Injection in Online Portal Project Engineers Online Portal
Severity
8.8HIGHNVD
EPSS
0.4%
top 36.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 20
Latest updateDec 21
Description
In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifies which website should process the HTTP request. The web server uses the value of this header to dispatch the request to the specified website. Each website hosted on the same IP address…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-xx33-26x2-m77p: In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the ap↗2021-12-21
CVEList▶
CVE-2021-43437: In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the ap↗2021-12-20