Input validation error in ocPortal - CVE-2012-5234
Published: October 2, 2012 / Updated: August 11, 2020
Vulnerability identifier: #VU43446
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-5234
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ocportal.com
Affected software:
ocPortal
ocPortal
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.
How to mitigate CVE-2012-5234
Install update from vendor's website.