Summary
This host has Snowfox CMS installed and is prone to an open redirect vulnerability.
Impact
Successful exploitation will allow remote attackers to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate website to an arbitrary website of the attacker's choosing.
Impact Level: Application
Solution
Upgrade to Snowfox CMS version 1.0.10 or later. For updates, refer to https://www.snowfoxcms.org/
Insight
The flaw exists because the application does not validate the 'rd' parameter upon submission to the selectlanguage.class.php script.
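An added example, not Snowfox CMS code: one way a handler can validate a redirect parameter such as 'rd' before using it in a redirect, written in Python for illustration. The function name, the allow-list and the host cms.example.test are assumptions, and the sample values are constructed.

```python
from urllib.parse import urlsplit

# Assumption: hosts this site may redirect to (constructed sample value).
ALLOWED_HOSTS = frozenset({"cms.example.test"})


def safe_redirect_target(rd, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return rd if it stays on this site, otherwise the default path."""
    if not isinstance(rd, str) or not rd:
        return default
    # Browsers read "\" as "/" and drop tabs/newlines inside URLs, so a
    # value containing them can parse differently here than in the client.
    if "\\" in rd or any(ord(c) < 0x20 or ord(c) == 0x7F for c in rd):
        return default
    try:
        parts = urlsplit(rd)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a single-slash absolute path.
        # "//host/..." is scheme-relative and would leave the site.
        if rd.startswith("/") and not rd.startswith("//"):
            return rd
        return default
    # Absolute target: http(s) only, and the host must be allow-listed.
    # parts.hostname ignores userinfo, so "https://good@other/" fails.
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return rd
    return default


# Constructed sample values for the redirect parameter.
SAMPLES = [
    "/index.php?lang=en",
    "https://cms.example.test/news",
    "//other.example/landing",
    "https://cms.example.test@other.example/",
    "/\\other.example",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

Rejected values fall back to a fixed local path instead of raising, so a tampered link still lands on the site itself.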
Affected
Snowfox CMS version 1.0
Detection
Send a crafted HTTP GET request and check whether it redirects to a malicious website.
Severity
Classification
CVE: CVE-2014-9343
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N