PT-2018-12479 · Pagekit · Pagekit

Zhihua.Yao

Published

2018-07-18

Updated

2022-05-14

CVE-2018-14381

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Pagekit versions prior to 1.0.14

Description The issue is related to an open redirect vulnerability. It affects the /user/login?redirect= endpoint, where the redirect parameter is vulnerable. This could potentially allow attackers to redirect users to malicious sites.

Recommendations For versions prior to 1.0.14, update to version 1.0.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the /user/login?redirect= endpoint until the update is applied. Avoid using the redirect parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2018-14381

GHSA-V47J-RW9H-6M47

Affected Products

Pagekit

PT-2018-12479 · Pagekit · Pagekit

CVE-2018-14381

Weakness Enumeration

Related Identifiers

Affected Products

References · 6