AdaptCMS 3.0.3 HTTP Referer Header Field Open Redirect Vulnerability

2015-01-06 / 2015-04-12
Risk: Low
Local: No
Remote: Yes
CWE: CWE-601

CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

? AdaptCMS 3.0.3 HTTP Referer Header Field Open Redirect Vulnerability Vendor: Insane Visions Product web page: Affected version: 3.0.3 Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only so we can easily create Plugins or additions, but so other developers can get involved. Using CakePHP we are able to achieve this with a built-in plugin system and MVC setup, allowing us to focus on the details and end-users to focus on building their website to look and feel great. Desc: Input passed via the 'Referer' header field is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. ==================================== \lib\Cake\Controller\Controller.php: ------------------------------------ Line: 956 .. .. Line: 974 ------------------------------------ Tested on: Apache 2.4.10 (Win32) PHP 5.6.3 MySQL 5.6.21 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2015-5219 Advisory URL: 29.12.2014 -- GET /adaptcms/admin/adaptbb/webroot/foo HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: adaptcms=uu16dmimdemvcq54h3nevq6oa0 Connection: keep-alive Referer:


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021,


Back to Top