CVE-2014-9343

Severity

57%

Complexity

86%

Confidentiality

81%

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/.

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

First reported 10 years ago

2014-12-08 16:59:00

Last updated 7 years ago

2017-09-08 01:29:00

Affected Software

Globiz Solutions Snowfox Content Management System 1.0

1.0

References

114850

http://packetstormsecurity.com/files/129162/Snowfox-CMS-1.0-Open-Redirect.html

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php

Exploit

mantisbt-cve20146316-open-redirect(99128)

https://github.com/GlobizSolutions/snowfox/commit/55a8e44a9d9a9a788cc1cde6baf0c2c67e0c736a

Exploit

https://github.com/GlobizSolutions/snowfox/releases

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.