CVE-2017-20164

Name of the Vulnerable Software and Affected Versions Symbiote Seed versions up to 6.0.2

Description A critical issue was found in the onBeforeSecurityLogin function of the code/extensions/SecurityLoginExtension.php file in the Login component. The manipulation of the URL argument leads to an open redirect. This issue can be exploited remotely.

Recommendations To address this issue, upgrade to version 6.0.3. As a temporary workaround, consider restricting access to the onBeforeSecurityLogin function until the patch is applied. Additionally, avoid using the URL argument in the affected component until the issue is resolved.