Описание
An open redirect vulnerability in Hubzilla before version 7.2 allows remote attackers to redirect a logged in user to an arbitrary URL via the rpath parameter.
An open redirect vulnerability in Hubzilla before version 7.2 allows remote attackers to redirect a logged in user to an arbitrary URL via the rpath parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-27256
- https://framagit.org/hubzilla/core/-/commit/0784cd593a39a4fc297e8a82f7e79bc8019a0868#1c497fbb3a46b78edf04cc2a2fa33f67e3ffbe2a
- https://hubzilla.org/channel/hubzilla
- https://volse.net/~haraldei/infosec/disclosures/hubzilla-before-7-2-multiple-vulnerabilities
Связанные уязвимости
CVSS3: 6.1
nvd
почти 4 года назад
A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.