PT-2014-8946 · Snowfox · Snowfox Cms

Published: 2014-12-08 · Updated: 2017-09-08 · CVE-2014-9343

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Snowfox CMS version 1.0

Description: The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via a URL in the rd parameter in a submit action to "snowfox/".

Recommendations: For Snowfox CMS version 1.0, consider restricting access to the selectlanguage.class.php module until a patch is available. As a temporary workaround, avoid using the rd parameter in the affected submit action to minimize the risk of exploitation.
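
As an added illustration (not Snowfox CMS code and not part of the original advisory), the PHP function below shows a server-side check that closes this class of redirect: a user-supplied rd value is honoured only when it is a same-site path. The function name safe_redirect_target, the '/' fallback and the sample inputs are assumptions made for the example.

```php
<?php
// Added example, not Snowfox CMS code. safe_redirect_target() and the
// '/' fallback are hypothetical names/values chosen for illustration.

/**
 * Return $rd only if it is a same-site, path-absolute reference;
 * otherwise return $fallback, so a user-supplied "rd" can never
 * send the browser to another host.
 */
function safe_redirect_target($rd, string $fallback = '/'): string
{
    // Arrays (rd[]=x), missing or empty values are rejected.
    if (!is_string($rd) || $rd === '') {
        return $fallback;
    }
    // Control characters (CR/LF included), spaces and backslashes:
    // browsers treat "\" like "/", so "/\host" would leave the site.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $rd)) {
        return $fallback;
    }
    // Exactly one leading "/": "//host" is scheme-relative (other site),
    // and "http://host" or "javascript:..." do not start with "/".
    if ($rd[0] !== '/' || (isset($rd[1]) && $rd[1] === '/')) {
        return $fallback;
    }
    // Defence in depth: the parser must not see a scheme or a host.
    $parts = parse_url($rd);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $rd;
}

// Constructed sample values for the rd parameter.
$samples = [
    '/snowfox/',
    'http://example.org/',
    '//example.org/login',
    '/\\example.org',
    ['unexpected', 'array'],
];
foreach ($samples as $rd) {
    $shown = json_encode($rd, JSON_UNESCAPED_SLASHES);
    printf("%-28s => %s\n", $shown, safe_redirect_target($rd));
}
```

Only the first sample is returned unchanged; every other value is replaced by the fallback before it can reach a Location header.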


Related identifiers

CVE-2014-9343

Affected products

Snowfox Cms