Main Vulnerability Database Vulnerabilities #VU5377

Open redirect in Pagekit CMS - CVE-2014-8070

Published: October 14, 2014 / Updated: February 27, 2017

Vulnerability identifier: #VU5377

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-8070

CWE-ID: CWE-601

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: YOOtheme

Affected software:
Pagekit CMS

Detailed vulnerability description

The vulnerability allows a remote attacker to perform phishing attacks.

Open redirect vulnerability exists due to insufficient verification of URL when redirecting users during logout process in index.php/user/logout. A remote attacker can create a specially crafted link, trick the victim into following it and redirect the victim to malicious website.

Successful exploitation of the vulnerability will allow to steal valid user's credentials and use the information to conduct further attacks.

How to mitigate CVE-2014-8070

Install the latest version from vendor's website.

Sources

http://packetstormsecurity.com/files/128641/Pagekit-0.8.7-Cross-Site-Scripting-Open-Redirect.html

Open redirect in Pagekit CMS - CVE-2014-8070

Detailed vulnerability description

How to mitigate CVE-2014-8070

Sources

Please verify you're human