CVE-2020-22840

Опубликовано: 09 фев. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Средний

Описание

Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.

Ссылки

http://packetstormsecurity.com/files/161362/b2evolution-CMS-6.11.6-Open-Redirection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/b2evolution/b2evolution/issues/102
Third Party Advisory
https://www.exploit-db.com/exploits/49554
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/161362/b2evolution-CMS-6.11.6-Open-Redirection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/b2evolution/b2evolution/issues/102
Third Party Advisory
https://www.exploit-db.com/exploits/49554
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*

Версия до 6.11.6 (исключая)

EPSS

Процентиль: 97%

0.4178

Средний

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-v56p-8m5q-738r

github

больше 3 лет назад