Input validation error in AdaptCMS - CVE-2015-1060
Published: January 16, 2015 / Updated: August 9, 2020
Vulnerability identifier: #VU40945
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2015-1060
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: AdaptCMS
Affected software:
AdaptCMS
AdaptCMS
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>
How to mitigate CVE-2015-1060
Install update from vendor's website.