Description

A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites.

Remediation

References

CVE-2020-11814

Related Vulnerabilities

Magento CVE-2019-8090 Vulnerability (CVE-2019-8090)

WordPress Plugin WP User Frontend-Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Arbitrary File Upload (2.3.10)

Apache HTTP Server Improper Locking Vulnerability (CVE-2004-0174)

Oracle Database Server CVE-2009-1020 Vulnerability (CVE-2009-1020)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2018-12023)

Severity

Medium

Classification

CVE-2020-11814 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities