CVE-2012-4032
published 2012-07-17
CVE-2012-4032: Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct…
Priority: P427, medium, 5.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 7.30% (93.6th percentile)
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| websitepanel | websitepanel | <= 1.2.1 | — |
| websitepanel | websitepanel | — | — |
| websitepanel | websitepanel | — | — |
| websitepanel | websitepanel | — | — |
| websitepanel | websitepanel | — | — |
| websitepanel | websitepanel | — | — |
| websitepanel | websitepanel | — | — |
No detection rules found.
Exploit-DB
WebsitePanel - 'ReturnUrl' Open Redirection
exploitdb·2012-07-09
---
source: https://www.securityfocus.com/bid/54346/info
WebsitePanel is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid in phishing attacks; other attacks are possible.
WebsitePanel versions prior to 1.2.2.1 are vulnerable.
https://www.example.com/hosting/Default.aspx?pid=Login&ReturnUrl=http://
https://www.example1.com/hosting/Default.aspx?pid=Login&ReturnUrl=http:///file.exe>
Nuclei
WebsitePanel before v1.2.2.1 - Open Redirect
nuclei·CVSS 5.8
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx
Template:

```yaml
id: CVE-2012-4032

info:
  name: WebsitePanel before v1.2.2.1 - Open Redirect
  author: ctflearner
  severity: medium
  description: |
    Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx
  impact: |
    An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or further exploitation.
  remediation: |
    Upgrade to WebsitePanel v1.2.2.1 or later to
```
No writeups or analysis indexed.
http://osvdb.org/83689
http://packetstormsecurity.org/files/114541/WebsitePanel-CMS-Open-Redirect.html
http://secunia.com/advisories/49813
http://websitepanel.codeplex.com/workitem/224
http://www.securityfocus.com/bid/54346
https://exchange.xforce.ibmcloud.com/vulnerabilities/76803
Published: 2012-07-17