CVE-2018-6200
Published 2018-01-25

CVE-2018-6200: vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.

Priority: P3 · 34 · medium · 6.1 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 3.54% (87.8th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vbulletin | vbulletin | 3.0.0 – 3.8.11 | — |
| vbulletin | vbulletin | 4.2.0 – 4.2.5 | — |
CVSS provenance
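| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |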
No detection rules found.
Exploit-DB
SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
exploitdb·2018-05-25·CVSS 6.1
CVE-2018-11415 [MEDIUM] SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
---
# Exploit Title: SAP Internet Transaction Server (ITS) 6200.X.X - Session Fixation/ Cross-Site Scripting
# Dork: /scripts/wgate/
# Date: 25.05.2018
# Exploit Author: J. Carrillo Lencina (0xd0m7)
# Vendor Homepage: https://www.sap.com
# Version: SAP ITS 6200.X.X
# Category: Webapps
# Tested on: All Platforms
# CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11415
# Description:As it has been determined that there are two
vulnerabilities in the latest developed version of SAP ITS, these two
vulnerabilities added together give rise to an XSS.
#Technical details: It has been determined that when an unauthenticated
user navigates through the application, the application assigns a cookie,
that coo
Nuclei
vBulletin - Open Redirect
nuclei·CVSS 6.1
CVE-2018-6200 [MEDIUM] vBulletin - Open Redirect
vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:
```yaml
id: CVE-2018-6200

info:
  name: vBulletin - Open Redirect
  author: 0x_Akoko,daffainfo
  severity: medium
  description: |
    vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing
```
Published: 2018-01-25