PT-2008-5461 · Nooms · Nooms
Dr.Crash
+1
·
Publicado
2008-09-22
·
Atualizado
2018-10-11
·
CVE-2008-4162
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
NooMS version 1.1
Description
The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved by manipulating a URL in the
g site url parameter in the admin/auth.php file.Recommendations
For NooMS version 1.1, consider restricting access to the admin/auth.php file until a patch is available, and avoid using the
g site url parameter in this context to minimize the risk of exploitation.Correção
Link Following
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Nooms