CVE-2024-0545

Опубликовано: 15 янв. 2024

Источник: nvd

CVSS3: 5.3

CVSS3: 6.1

CVSS2: 5

EPSS Низкий

Описание

A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://vuldb.com/?ctiid.250714
Permissions Required
Third Party Advisory
https://vuldb.com/?id.250714
Third Party Advisory
https://vuldb.com/?submit.266974
https://vuldb.com/?ctiid.250714
Permissions Required
Third Party Advisory
https://vuldb.com/?id.250714
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fairsketch:rise_ultimate_project_manager:3.5.3:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00068

Низкий

5.3 Medium

CVSS3

6.1 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-3975-4fwf-j526

CVSS3: 5.3

github

около 2 лет назад

A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250714 is the identifier assigned to this vulnerability.

EPSS

Процентиль: 21%

0.00068

Низкий

5.3 Medium

CVSS3

6.1 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-601