Web Server Host Header Injection Vulnerability in Embedthis GoAhead
CVE-2019-16645

8.6 HIGH

Key Information:

Vendor: Embedthis

Status
Vendor
CVE Published: 20 September 2019

What is CVE-2019-16645?

Embedthis GoAhead 2.5.0 contains an issue affecting certain web pages, such as goform/login and config/log_off_page.htm. By manipulating the HTTP Host header, an attacker can cause these pages to generate malicious links that could facilitate phishing attacks, posing serious security risks to users who may unwittingly follow them.

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
