CVE-2015-1060
published 2015-01-16
CVE-2015-1060: Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and…
Priority P428 medium 5.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS
4.40%
90.1th percentile
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| insanevisions | adaptcms | — | — |
CVSS provenance
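| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| osv | — | 7.6 | HIGH | — |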
OSV
python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12 vulnerabilities
osv·2024-07-11·CVSS 7.6
CVE-2015-20107 python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12 vulnerabilities
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS.
(CVE-2015-20107)
It was discovered that Python incorrectly used regular expressions
vulnerable to catastrophic backtracking. A remote attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 14.04 LTS. (CVE-2018-1060, CVE-2018-1061)
It was discovered that Python failed to initialize Expat’s hash salt. A
remote attacker could possibly use this issue to cause hash collisions,
leading to a denial of service. This issue only affected Ubuntu 14.04 L
GHSA
GHSA-vvvw-jjxx-8hjc: Open redirect vulnerability in lib/Cake/Controller/Controller
ghsa_unreviewed·2022-05-17
CVE-2015-1060 [MEDIUM] GHSA-vvvw-jjxx-8hjc: Open redirect vulnerability in lib/Cake/Controller/Controller
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/show/osvdb/116721
http://packetstormsecurity.com/files/129813/AdaptCMS-3.0.3-HTTP-Referer-Header-Open-Redirect.html
http://www.exploit-db.com/exploits/35710
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5219.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/99618
Published 2015-01-16