CVE-2014-9180
published 2014-12-02CVE-2014-9180: Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in…
PriorityP422medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
4.42%
90.1th percentile
Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Eleanor CMS - Open Redirect
nuclei·CVSS 5.0
CVE-2014-9180 [MEDIUM] Eleanor CMS - Open Redirect
Eleanor CMS - Open Redirect
Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.
Template:
id: CVE-2014-9180
info:
name: Eleanor CMS - Open Redirect
author: Shankar Acharya
severity: medium
description: |
Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.
impact: |
Attackers can redirect users to malicious sites for phishing attacks, malware distribution, or credential theft.
remediation: |
Update to the latest version of Eleanor CMS to fix the open redirect vulnerability.
reference:
- https://packetstormsecurity.com/files/129087/Eleanor-
2014-12-02
Published