CVE-2024-0545

Name of the Vulnerable Software and Affected Versions CodeCanyon RISE Rise Ultimate Project Manager version 3.5.3

Description A problematic vulnerability was found in the CodeCanyon RISE Rise Ultimate Project Manager, affecting the file /index.php/signin. The manipulation of the redirect argument with the input http://evil.com leads to an open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For CodeCanyon RISE Rise Ultimate Project Manager version 3.5.3, consider disabling the /index.php/signin endpoint or restricting the use of the redirect argument until a patch is available. As a temporary workaround, avoid using the redirect argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.