Skip to main content

Engineers Online Portal CVE-2021-43437

HIGH
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2021-12-20 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 20, 2021 - 20:15 nvd
HIGH 8.8

DescriptionNVD

In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifies which website should process the HTTP request. The web server uses the value of this header to dispatch the request to the specified website. Each website hosted on the same IP address is called a virtual host. And It's possible to send requests with arbitrary Host Headers to the first virtual host.

AnalysisAI

In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-74. In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifies which website should process the HTTP request. The web server uses the value of this header to dispatch the request to the specified website. Each website hosted on the same IP address is called a virtual host. And It's possible to send requests with arbitrary Host Headers to the first virtual host. Affected products include: Engineers Online Portal Project Engineers Online Portal.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-5282 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-5281 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-5280 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Rated critical sever

CVE-2023-5279 CRITICAL POC
9.8 Sep 29

A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Rated critical

CVE-2023-5278 CRITICAL POC
9.8 Sep 29

A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Rated critic

CVE-2023-5277 CRITICAL POC
9.8 Sep 29

A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0.php. Rat

CVE-2023-5276 CRITICAL POC
9.8 Sep 29

A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity

CVE-2021-42670 CRITICAL POC
9.8 Nov 05

A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announ

CVE-2021-42669 CRITICAL POC
9.8 Nov 05

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which all

CVE-2021-42668 CRITICAL POC
9.8 Nov 05

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_cla

CVE-2021-42665 CRITICAL POC
9.8 Nov 05

An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of inde

CVE-2023-5284 HIGH POC
8.8 Sep 29

A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Rated high severity

Share

CVE-2021-43437 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy