CVE-2024-37656
Published: 2025-07-07
Priority: P276 · medium · 6.1 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 0.49% (38.7th percentile)
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sir | gnuboard | — | — |

No version range or fixed version is recorded in the affected-product data; the advisory text itself names gnuboard5 v.5.5.16, so treat that as the only version confirmed vulnerable and check the vendor changelog for the fix.
Detection & IOCs (extracted from sources)
- Look for GET requests to /bbs/logout.php or /gnuboard5/bbs/logout.php with a `url` parameter containing a backslash-prefixed or protocol-relative redirect (e.g., url=/\<external-host>), which bypasses the insufficient URL validation.
- Detect exploitation by monitoring HTTP 302 responses from /bbs/logout.php where the Location header redirects to an external or unexpected domain. The Nuclei template's regex is `(?m)^(?:Location\s*?:\s*)(?:https?://|//|/\\)?[a-zA-Z0-9._@-]*oast\.pro.*$`; note that it is hard-coded to the scanner's own `oast.pro` interactsh domain, so a production rule should match any host outside your trusted set rather than that literal.
- Shodan/FOFA fingerprinting: GnuBoard5 instances can be identified via html:"GnuBoard5" (Shodan) or body:"GnuBoard5" (FOFA) to scope exposure.
- The vulnerability is triggered via the `url` query parameter in bbs/logout.php with insufficient URL parameter verification; monitor for `url` values starting with /\ or // to detect open redirect abuse.
- The Nuclei template uses stop-at-first-match across two path variants (/gnuboard5/bbs/logout.php and /bbs/logout.php); detection logic should account for both install-path conventions.
- Detection requires both a 302 status code AND a Location header matching the redirect regex; either condition alone is insufficient to confirm exploitation.
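The following is an added example, not code from this page or from the GnuBoard project, that applies the indicators above to access-log lines. It mirrors the Nuclei matcher (a 302 AND an off-site Location confirms a redirect), flags requests whose `url` parameter alone looks malicious, and, going a step beyond the listed prefixes, normalises backslashes, collapses runs of leading slashes and percent-decodes the parameter, since browsers treat `/\host`, `///host` and `//host` alike. The log format, the IP addresses, the `attacker.example` host and the `TRUSTED_HOSTS` set are all constructed for the example.

```python
"""Detection logic for open-redirect abuse of GnuBoard5 bbs/logout.php
(CVE-2024-37656), run over constructed sample access-log lines.

Added example; not code from the page or the GnuBoard project.
"""
import re
from typing import List, Optional, Set, Tuple
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts the site legitimately redirects to. Adjust per deployment.
TRUSTED_HOSTS: Set[str] = {"forum.example.org"}

# Both install-path conventions noted on the page.
LOGOUT_PATHS = ("/bbs/logout.php", "/gnuboard5/bbs/logout.php")

# Constructed sample log in a simplified format:
# <client ip> <method> <request target> <status> <Location header or "-">
SAMPLE_LOG = """\
203.0.113.7 GET /bbs/logout.php?url=/\\attacker.example 302 /\\attacker.example
203.0.113.7 GET /gnuboard5/bbs/logout.php?url=//attacker.example/x 302 //attacker.example/x
203.0.113.7 GET /bbs/logout.php?url=%2F%5Cattacker.example 302 https://attacker.example/
198.51.100.4 GET /bbs/logout.php?url=/bbs/board.php 302 /bbs/board.php
198.51.100.4 GET /bbs/logout.php?url=https://forum.example.org/ 302 https://forum.example.org/
198.51.100.4 GET /bbs/logout.php?url=/\\attacker.example 200 -
192.0.2.9 GET /bbs/board.php?bo_table=free 200 -
"""

LOG_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>\S+) (?P<target>\S+) (?P<status>\d{3}) (?P<location>\S+)$"
)


def redirect_target_is_external(location: str, trusted: Set[str] = TRUSTED_HOSTS) -> bool:
    """True if a redirect target would take the browser off-site.

    Covers absolute URLs, protocol-relative '//host', and the '/\\host' form
    that bypassed GnuBoard's check: browsers rewrite backslashes to slashes
    and collapse any run of leading slashes into an authority section.
    """
    normalised = location.strip().replace("\\", "/")
    if normalised.startswith("//"):
        # '///host' and '/\\host' both resolve to '//host' in a browser.
        normalised = "//" + normalised.lstrip("/")
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return True  # javascript:, data:, ... are never a legitimate redirect
    if parts.netloc:
        return parts.hostname not in trusted
    return False  # plain relative path: stays on this origin


def url_param_is_suspicious(target: str, trusted: Set[str] = TRUSTED_HOSTS) -> bool:
    """True if the request hits logout.php with a `url` value pointing off-site.

    parse_qs percent-decodes, so encoded forms such as %2F%5C are caught too
    (an extension beyond the literal '/\\' and '//' prefixes the page lists).
    """
    parts = urlsplit(target)
    if parts.path not in LOGOUT_PATHS:
        return False
    values = parse_qs(parts.query, keep_blank_values=True).get("url", [])
    return any(redirect_target_is_external(v, trusted) for v in values)


def classify(line: str) -> Optional[str]:
    """'confirmed' when the server actually redirected off-site (302 AND an
    external Location, mirroring the Nuclei matcher), 'attempted' when only
    the request looked malicious, None otherwise."""
    m = LOG_RE.match(line)
    if not m or urlsplit(m["target"]).path not in LOGOUT_PATHS:
        return None
    status, location = int(m["status"]), m["location"]
    if status == 302 and location != "-" and redirect_target_is_external(location):
        return "confirmed"
    if url_param_is_suspicious(m["target"]):
        return "attempted"
    return None


def scan(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (verdict, client ip, request target) for every flagged line."""
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict:
            m = LOG_RE.match(line)
            hits.append((verdict, m["ip"], m["target"]))
    return hits


if __name__ == "__main__":
    for verdict, ip, target in scan(SAMPLE_LOG):
        print(f"{verdict:9} {ip:14} {target}")
```

On the sample the three 302 lines with off-site Location headers come back as confirmed, the 200 response to a `/\attacker.example` request is only an attempt (no redirect was issued, so a patched or misconfigured host would still show up here), and the two legitimate redirects are ignored. Keep the "confirmed" verdict tied to the response side: a suspicious `url` parameter on its own proves intent, not a working redirect.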
CVSS provenance
NVD: v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
VulnCheck: 6.1 MEDIUM
GHSA
GHSA-hjfh-v9xj-7f93 · ghsa_unreviewed · 2025-07-07 · CVE-2024-37656 · MEDIUM · CWE-601
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.
VulnCheck
sir gnuboard URL Redirection to Untrusted Site ('Open Redirect') · vulncheck · 2024 · CVSS 6.1 · MEDIUM
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.
Affected: sir gnuboard
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2024-37656
No detection rules found.
Nuclei
GnuBoard5 5.5.16 - Open Redirect · nuclei · CVSS 6.1 · MEDIUM
Gnuboard5 5.5.16 contains an open redirect vulnerability caused by insufficient URL parameter verification in bbs/logout.php, letting remote attackers redirect users to arbitrary URLs; exploitation requires a crafted `url` parameter.
Template:

```yaml
id: CVE-2024-37656

info:
  name: GnuBoard5 5.5.16 - Open Redirect
  author: 0x_Akoko
  severity: medium
  description: |
    Gnuboard5 5.5.16 contains an open redirect vulnerability caused by insufficient URL parameter verification in bbs/logout.php, letting remote attackers redirect users to arbitrary URLs, exploit requires crafted URL parameter.
  impact: |
    Remote attackers can redirect users to malicious sites, potentially leading to phishing or information theft.
  remediation: |
    Update to the latest version of Gnuboard5.
  reference:
    -
```