CVE-2009-2138
published 2009-06-19CVE-2009-2138: Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via…
PriorityP416medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.26%
66.0th percentile
Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
2009-06-19
Published