CVE-2024-37656
published 2025-07-07

Priority: P2 · 76
Severity: medium, CVSS 3.1 base score 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 0.49% (38.7th percentile)
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.

Affected (1 range)

Vendor   Product   Version range   Fixed in
sir      gnuboard  -               -

Detection & IOCs (extracted from sources)

Path: /bbs/logout.php?url=/\oast.pro
Path: /gnuboard5/bbs/logout.php
Path: /bbs/logout.php
  • Look for GET requests to /bbs/logout.php or /gnuboard5/bbs/logout.php with a `url` parameter containing a backslash-prefixed or protocol-relative redirect (e.g., url=/\<external-host>), which bypasses the insufficient URL validation.
  • Detect exploitation by monitoring HTTP 302 responses from /bbs/logout.php whose Location header redirects to an external or unexpected domain. Regex: (?m)^(?:Location\s*?:\s*)(?:https?://|//|/\\)?[a-zA-Z0-9._@-]*oast\.pro.*$
  • Shodan/FOFA fingerprinting: GnuBoard5 instances can be identified via html:"GnuBoard5" (Shodan) or body:"GnuBoard5" (FOFA) to scope exposure.
  • The vulnerability is triggered via the `url` query parameter in bbs/logout.php, whose value is insufficiently verified; monitor for `url` values starting with /\ or // to detect open redirect abuse.
  • The Nuclei template uses stop-at-first-match across two path variants (/gnuboard5/bbs/logout.php and /bbs/logout.php); detection logic should account for both install path conventions.
  • Detection requires both a 302 status code AND a Location header matching the redirect regex; either condition alone is insufficient to confirm exploitation.
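As an added defender-side example (not part of this record or of gnuboard5's code), the following Python applies the detection notes above to constructed request/response records: the page's own Location regex, the `/\` or `//` check on the `url` parameter, and the "302 AND Location" confirmation rule. It goes slightly beyond the page by also treating any off-site redirect host as confirming, so callback domains other than oast.pro are caught; the record dict format, `OWN_HOSTS` and the sample values are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Regex quoted verbatim from the detection note above; it keys on the PoC callback domain oast.pro.
LOCATION_RE = re.compile(r"(?m)^(?:Location\s*?:\s*)(?:https?://|//|/\\)?[a-zA-Z0-9._@-]*oast\.pro.*$")

# Both install-path conventions named in the detection notes.
LOGOUT_PATHS = ("/bbs/logout.php", "/gnuboard5/bbs/logout.php")

def suspicious_url_param(request_target: str) -> bool:
    """True when logout.php is requested with a url= value starting with /\\ or // (percent-encoding is decoded)."""
    parts = urlsplit(request_target)
    if parts.path not in LOGOUT_PATHS:
        return False
    values = parse_qs(parts.query, keep_blank_values=True).get("url", [])
    return any(v.startswith(("/\\", "//")) for v in values)

def redirect_host(location: str) -> str:
    """Host a browser would follow for a Location value; '/\\host' is normalised to '//host'."""
    if location.startswith("/\\"):
        location = "//" + location[2:]
    return urlsplit(location).hostname or ""

def classify(record: dict, own_hosts: set) -> str:
    """Verdict for one request/response record (constructed dict format, not a real log schema)."""
    # 'confirmed' needs a 302 plus a Location that matches the page regex or leaves the site after a suspicious url=.
    attempt = suspicious_url_param(record["target"])
    location = record.get("location")
    if record["status"] == 302 and location is not None:
        poc_match = LOCATION_RE.search(f"Location: {location}") is not None
        external = redirect_host(location) not in (own_hosts | {""})
        if poc_match or (attempt and external):
            return "confirmed"
    return "attempt" if attempt else "benign"

# Constructed sample records for a site whose only legitimate host is board.example.
OWN_HOSTS = {"board.example"}
SAMPLE_RECORDS = [
    {"target": "/bbs/logout.php?url=/\\oast.pro", "status": 302, "location": "/\\oast.pro"},
    {"target": "/gnuboard5/bbs/logout.php?url=//external.example", "status": 302, "location": "//external.example"},
    {"target": "/bbs/logout.php?url=/bbs/board.php?bo_table=free", "status": 302, "location": "/bbs/board.php?bo_table=free"},
    {"target": "/bbs/logout.php?url=/\\oast.pro", "status": 200, "location": None},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(classify(rec, OWN_HOSTS), rec["target"])
```

The fourth record shows why the page insists on both conditions: the suspicious parameter alone is only an attempt until a 302 with an off-site Location is seen.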

CVSS provenance

nvd: v3.1, 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck: 6.1 MEDIUM