What is CVE-2023-24044?

CVE-2023-24044 is a vulnerability in N/a. Published 2023-01-22.

Is CVE-2023-24044 known to be exploited?

14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-24044

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names…

EPSS: 0.591 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Cappricio-Securities/CVE-2023-24044
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
DmitriiKuzmi4ev/casualStories
Sunjid-Ahmed/reconftw-main
cyb3r-w0lf/nuclei-template-collection
20142995/nuclei-templates
functionofpwnosec/functionofpwnosec
lamcodeofpwnosec/lamcodeofpwnosec

References

gist.github.com/TJetnipat/02b3854543b7ec95d54a8de811f2e8ae
medium.com/@jetnipat.tho/cve-2023-24044-10e48ab940d8
support.plesk.com/hc/en-us/articles/10254625170322-Vulnerability-CVE-2023-24044

Frequently asked questions

What is CVE-2023-24044?: CVE-2023-24044 is a vulnerability in N/a. Published 2023-01-22.
Is CVE-2023-24044 known to be exploited?: 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.