CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-42903

High Severity
Limesurvey
SVRS
61/100
CVSSv3
6.5/10
EPSS
0.00032/1

CVE-2024-42903 is a Host header injection vulnerability affecting LimeSurvey versions up to 6.6.1+240806. This flaw enables attackers to craft malicious password reset links that redirect victims to attacker-controlled domains, potentially leading to credential theft or other malicious activities. While the CVSS score is 6.5, SOCRadar's Vulnerability Risk Score (SVRS) is 61, indicating a moderate risk that requires monitoring. The presence of "In The Wild" tag suggests active exploitation. Attackers can leverage this vulnerability to perform phishing attacks and compromise user accounts. Organizations using LimeSurvey should promptly investigate and apply necessary patches or mitigations to prevent potential exploitation. This CVE highlights the importance of input validation and secure coding practices to prevent header injection attacks.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:R
S:U
C:N
I:H
A:N
PUBLICATION DATE2024-09-03
LAST MODIFIED2025-03-13

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-42903 | LimeSurvey up to 6.6.1+240806 Header Host redirect
vuldb.com2025-03-11
CVE-2024-42903 | LimeSurvey up to 6.6.1+240806 Header Host redirect | A vulnerability was found in LimeSurvey up to 6.6.1+240806 and classified as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument Host leads to open redirect. This vulnerability is handled as CVE-2024-42903. The attack
vuldb.com
rss
forum
news

Social Media

CVE-2024-42903 A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset l… https://t.co/bY1IiIP0nh
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppLimesurveylimesurvey

References

ReferenceLink
[email protected]https://github.com/LimeSurvey/LimeSurvey/compare/6.6.0+240729...6.6.1+240806
[email protected]https://github.com/LimeSurvey/LimeSurvey/pull/3920
[email protected]https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-42903
GITHUBhttps://github.com/sysentr0py/CVEs/tree/main/CVE-2024-42903

CWE Details

CWE IDCWE NameDescription
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence