CVE-2020-13565
Published 2021-02-10

CVE-2020-13565: An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0…
Priority: P4 · 32 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.88% (76.8th percentile)
An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-emr | openemr | — | — |
| phpgacl_project | phpgacl | — | — |
| phpgacl_project | phpgacl | — | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| osv | — | 6.1 | MEDIUM | — |
GHSA
GHSA-ccp4-42w5-9q8g · ghsa_unreviewed · 2022-05-24 · MEDIUM · CWE-601
OSV
CVE-2020-13565 · osv · 2021-02-10 · CVSS 6.1 · MEDIUM
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class · blogs_talos · 2021-01-27 · CVSS 6.1 · MEDIUM
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. One of these vulnerabilities also affects OpenEMR, a medical practice management software written in PHP. phpGACL is a PHP library that allows developers to implement permission systems via a Generic Access Control List. An adversary could exploit these vulnerabilities by sending the target machine a specially crafted, malicious HTTP request or URL.
In accordance with our coordinated disclosure policy, Cisco Talos worked with phpGACL and OpenEMR to ensure that these issues are resolved and that an update is available for affected customers.
## Vulnerability details
phpGACL template multiple cross-site scripting vulnerabilit