Lucene search

[email protected]CVE-2014-8305

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-8305

2022-10-0316:20:37

[email protected]

web.nvd.nist.gov

cve-2014-8305

open redirect vulnerability

c97net cart engine

security vulnerability

phishing attack

web security

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.8%

JSON

Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php.

Affected configurations

NVD

Node

c97cart_engineRange≤3.0

CPENameOperatorVersion
c97:cart_enginec97 cart enginele3.0

CPE	Name	Operator	Version
c97:cart_engine	c97 cart engine	le	3.0

References

seclists.org/fulldisclosure/2014/Sep/55

www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.8%

JSON

Related for CVE-2014-8305

prion1 dsquare1 cvelist1 nvd1