CVE-2008-7269

Name of the Vulnerable Software and Affected Versions SiteEngine versions 5.x

Description The issue allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via a URL in the forward parameter in a logout action in the api.php file.

Recommendations For SiteEngine versions 5.x, consider restricting access to the api.php file or the logout action to minimize the risk of exploitation. As a temporary workaround, avoid using the forward parameter in the logout action until a patch is available.