PT-2021-10199 · Unknown · Getsimple Cms
Lorexxar233 · Published 2021-06-23 · Updated 2021-06-28
CVE-2020-18660
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
GetSimpleCMS versions 3.3.15 and earlier
Description:
The issue is an open redirect in the admin/changedata.php file via the redirect function to the url parameter. This allows for potential redirection to unintended locations.
Recommendations:
For versions 3.3.15 and earlier, update to a version later than 3.3.15 to resolve the issue. As a temporary workaround, consider restricting access to the admin/changedata.php file or disabling the redirect function to the url parameter until a patch is available.
Exploit
Fix
Open Redirect
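Where the redirect cannot simply be disabled, the usual mitigation for this class of bug is to validate the destination before redirecting. The PHP below is an added example, not GetSimpleCMS code or its patch; the function names `is_safe_redirect()` and `choose_redirect()` and the host `cms.example` are hypothetical, and the caller is assumed to know the site's own host name.

```php
<?php
// Added example, not GetSimpleCMS code. is_safe_redirect(), choose_redirect()
// and the host name cms.example are hypothetical.

/**
 * True only when $target stays on this site: a local path such as
 * "/admin/pages.php", or an absolute http(s) URL whose host is $siteHost.
 */
function is_safe_redirect(string $target, string $siteHost): bool
{
    // Reject control characters and backslashes; browsers read "\" as "/",
    // so "/\other.example" would otherwise pass as a local path.
    if ($target === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return false;
    }
    // Local path: a single leading slash. "//host/..." is scheme-relative
    // and points off-site, so it is refused.
    if ($target[0] === '/') {
        return strncmp($target, '//', 2) !== 0;
    }
    // Anything else must parse as an absolute URL with scheme and host.
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // Userinfo ("https://cms.example@other.example/") hides the real host.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        && strcasecmp($parts['host'], $siteHost) === 0;
}

/** Use the requested destination only if it is safe, else a fixed local page. */
function choose_redirect(?string $requested, string $siteHost, string $fallback): string
{
    return ($requested !== null && is_safe_redirect($requested, $siteHost))
        ? $requested
        : $fallback;
}

// Constructed sample inputs: the first two are kept, the rest fall back.
$samples = ['/admin/pages.php', 'https://cms.example/admin/', '//other.example/',
            'https://other.example/', '/\\other.example', 'javascript:void(0)'];
foreach ($samples as $s) {
    printf("%-28s => %s\n", $s, choose_redirect($s, 'cms.example', '/admin/'));
}
```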
Affected Products
Getsimple Cms