Open redirect

2017-07-1713:18:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

JSON

Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access.

CPENameOperatorVersion
sme_servereq8.0
sme_servereq9.2
sme_servereq9.0
sme_servereq10.0

Name	Operator	Version
sme_server	eq	8.0
sme_server	eq	9.2
sme_server	eq	9.0
sme_server	eq	10.0

References

cp270.wordpress.com/2017/02/02/security-advisory-open-url-redirect-in-sme-server/

forums.contribs.org/index.php/topic,52838.0.html