PT-2024-15814 · Unknown · Codeastro Internet Banking System
Mohammed Aashique
·
Published
2024-01-22
·
Updated
2024-05-17
·
CVE-2024-0781
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
CodeAstro Internet Banking System version 1.0
Description
A problematic issue was found in the CodeAstro Internet Banking System, affecting an unknown part of the file pages client signup.php. The manipulation of the argument
Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to an open redirect. This issue can be initiated remotely.Recommendations
For CodeAstro Internet Banking System version 1.0, as a temporary workaround, consider restricting the input for the
Client Full Name argument to prevent open redirect attacks. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Codeastro Internet Banking System