CVE-2018-8813 - Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1

CVE-2018-8813

Summary

Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.

References

https://docs.google.com/document/d/1rdl1yWDJkPuuOFb2sF07_c3twl5uMkH9a-OO2OmYMus/edit?usp=sharing
https://github.com/wolfcms/wolfcms/issues/670
https://www.exploit-db.com/exploits/44421/

Vulnerable Configurations

cpe:2.3:a:wolfcms:wolf_cms:0.8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:wolfcms:wolf_cms:0.8.3.1:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 10-05-2018 - 13:36)
Impact:
Exploitability:

CWE

CWE-601

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:S/C:P/I:P/A:N

refmap via4

exploit-db	44421
misc	https://docs.google.com/document/d/1rdl1yWDJkPuuOFb2sF07_c3twl5uMkH9a-OO2OmYMus/edit?usp=sharing https://github.com/wolfcms/wolfcms/issues/670

Last major update

10-05-2018 - 13:36

Published

04-04-2018 - 15:29

Last modified

10-05-2018 - 13:36