SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   PHPWind Vendors:   PHPWind.Net
PHPWind Input Validation Flaw in 'goto.php' Permits URL Redirection Attacks
SecurityTracker Alert ID:  1032428
SecurityTracker URL:  http://securitytracker.com/id/1032428
CVE Reference:   CVE-2015-4134   (Links to External Site)
Updated:  May 29 2015
Original Entry Date:  May 29 2015
Impact:   Modification of system information
Exploit Included:  Yes  
Version(s): 8.7
Description:   A vulnerability was reported in PHPWind. A remote user can redirect the target user's browser to an arbitrary site.

A remote user can create a specially crafted URL that, when loaded by the target user, will redirect the target user's web browser to an arbitrary site.

The 'url' parameter in 'goto.php' is affected.

Wang Jing of the School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore reported this vulnerability.

Impact:   A remote user can cause the target user's web browser to be redirected to an arbitrary site.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.phpwind.net/ (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC