PT-2018-9402 · Unknown · Redirection
Glyn Wintle
·
Published
2018-06-26
·
Updated
2018-09-04
·
CVE-2018-1000504
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Redirection version 2.7.3
Description
The issue allows admins to execute any PHP file in the filesystem due to an ACE via file inclusion vulnerability in Pass-through mode. This can be exploited if an attacker has access to an admin account on the target site.
Recommendations
For version 2.7.3, update to version 2.8 to resolve the issue.
Exploit
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Redirection