CVE-2023-24044

Published: Jan 22, 2023

Modified: Apr 2, 2025

PUBLISHED

Description

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/TJetnipat/02b3854543b7ec95d54a8de811f2e8ae

https://medium.com/%40jetnipat.tho/cve-2023-24044-10e48ab940d8

https://support.plesk.com/hc/en-us/articles/10254625170322-Vulnerability-CVE-2023-24044

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-24044

Description

Affected Products

References