PT-2014-8946 · Snowfox · Snowfox Cms

Published: 2014-12-08 · Updated: 2017-09-08 · CVE-2014-9343

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Snowfox CMS version 1.0

Description

The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via a URL in the rd parameter in a submit action to "snowfox/".

Recommendations

For Snowfox CMS version 1.0, consider restricting access to the selectlanguage.class.php module until a patch is available. As a temporary workaround, avoid using the rd parameter in the affected submit action to minimize the risk of exploitation.

Related Identifiers

CVE-2014-9343

Affected Products

Snowfox Cms