CVE-2012-5321
published 2012-10-08
Priority P338 | medium | 5.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 7.68% (93.8th percentile)
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tiki | tikiwiki_cms_groupware | — | — |
No detection rules found.
Exploit-DB
Tiki Wiki CMS Groupware - 'url' Open Redirection
exploitdb·2012-02-18
---
source: https://www.securityfocus.com/bid/52079/info
Tiki Wiki CMS Groupware is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid in phishing attacks; other attacks are possible.
http://www.example.com/tiki-featured_link.php?type=f&url=http://www.example2.com
Nuclei
TikiWiki CMS Groupware v8.3 - Open Redirect
nuclei·CVSS 5.8
Template:
```yaml
id: CVE-2012-5321
info:
  name: TikiWiki CMS Groupware v8.3 - Open Redirect
  author: ctflearner
  severity: medium
  description: |
    tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection
  impact: |
    Successful exploitation of this vulnerability could lead to phishing attacks and potential unauthorized access to sensitive information.
  remediation: |
    Apply the latest security patches or upgrade to a newer version o
```
References
- http://osvdb.org/79409
- http://secunia.com/advisories/48102
- http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html
- http://www.securityfocus.com/bid/52079
- http://www.securitytracker.com/id?1026708
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73403