PT-2021-9639 · Phpgacl +1
Published: 2021-01-30 · Updated: 2022-10-07
CVE-2020-13565
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
phpGACL version 3.3.7
OpenEMR version 5.0.2
OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce)
Description
An open redirect issue exists in the return page redirection functionality. A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this issue.
Recommendations
For phpGACL version 3.3.7, update the return page redirection functionality to validate URLs and prevent redirects to arbitrary locations.
For OpenEMR version 5.0.2, modify the return page redirection functionality to ensure it only redirects to trusted URLs.
For OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce), revise the return page redirection functionality to properly validate and sanitize user-supplied URLs.
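The three recommendations above amount to one control: the return-page target must be checked before it reaches the `Location` header. The following is an added illustration, not code from phpGACL, OpenEMR or this advisory; the request parameter name `return_page`, the function names and the allowlisted host are assumptions. It shows the unsafe pattern (redirecting to whatever the request supplies) next to a hardened version that accepts only same-site relative paths or absolute URLs whose host is on an explicit allowlist, and falls back to a fixed page otherwise.

```php
<?php
// Added example (hypothetical handler); not OpenEMR or phpGACL code.

// Unsafe: the redirect target is taken straight from the request,
// so any URL the link contains becomes the destination.
function redirect_unsafe(string $returnPage): void
{
    header('Location: ' . $returnPage);
    exit;
}

// Hardened: return a safe target or the fallback page.
function safe_return_url(?string $candidate, array $allowedHosts, string $fallback = '/index.php'): string
{
    if ($candidate === null || $candidate === '') {
        return $fallback;
    }
    // Reject control characters, including CR/LF (header injection).
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $fallback;
    }
    // Some browsers treat backslashes as slashes ("/\host" == "//host"),
    // so normalise them before parsing.
    $candidate = str_replace('\\', '/', $candidate);

    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback;
    }

    // Relative path: no scheme, no host, must start with a single "/".
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $path = $parts['path'] ?? '';
        if ($path === '' || $path[0] !== '/' || strpos($path, '//') === 0) {
            return $fallback;
        }
        return $candidate;
    }

    // Absolute URL: http(s) only, and the host must match the allowlist
    // exactly (case-insensitive); this also rejects "javascript:" targets.
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($scheme !== 'https' && $scheme !== 'http') {
        return $fallback;
    }
    $host = strtolower($parts['host'] ?? '');
    if (!in_array($host, $allowedHosts, true)) {
        return $fallback;
    }
    return $candidate;
}

function redirect_safe(?string $returnPage): void
{
    // The allowlisted host is an assumption for this example.
    $target = safe_return_url($returnPage, ['emr.example.org']);
    header('Location: ' . $target, true, 302);
    exit;
}

// Constructed inputs for a quick local check (run from the CLI):
$samples = [
    '/some/page.php',
    '//attacker.example/',
    '/\\attacker.example/',
    'https://attacker.example/x',
    'https://emr.example.org/some/page.php',
    'javascript:alert(1)',
];
foreach ($samples as $s) {
    printf("%-40s => %s\n", $s, safe_return_url($s, ['emr.example.org']));
}
```

With these inputs, the same-site relative path and the allowlisted absolute URL are returned unchanged, while the protocol-relative, backslash, off-site and `javascript:` targets all resolve to the fallback. The allowlist comparison is an exact host match on purpose; a substring or prefix match would let `emr.example.org.attacker.example` through.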
Exploit
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Openemr
Phpgacl