Latest Security News about header injection

GoAhead Web server HTTP Header Injection vulnerability

Overview: An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. Affected Product(s): Embedthis GoAhead 2.5.0. Vulnerability Details: CVE ID: CVE-2019-16645 […]

Tracking Down New WordPress Popup Injection Malware

A new variant of popup-injector WordPress malware is spreading and affecting thousands of WordPress websites. The webmaster was receiving a weekly email from visitors complaining about adult-content popups on the website. An interesting fact about the malware is that it does not show itself to admin users of the website. Not showing to [...]

CRLF/HTML entity injection with most recent version of PHPMyAdmin #16056

Overview: ** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable." CVE-2020-11441. CRLF/HTML entity injection with most recent version of PHPMyAdmin #16056. Describe the bug: The login form [...]

phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability

Overview: In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as [...]

ERPNext 11.1.47 allows blog?blog_category= Frame Injection.

Overview: ERPNext 11.1.47 allows blog?blog_category= Frame Injection. Affected Product(s): ERPNext, version 11.1.47. Vulnerability Details: CVE ID: CVE-2019-20511. Frame Injection Vulnerability in ERPNext 11.1.47. Information: Advisory by Netsparker. Name: Frame Injection Vulnerability in ERPNext. Affected Software: ERPNext. Affected Versions: 11.1.47. Vendor Homepage: https://erpnext.com/. Vulnerability Type: Frame Injection. Severity: Medium. Status: Fixed. CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N. Netsparker Advisory Reference: NS-19-018. Technical Details [...]