Open Redirect Vulnerability in PowerCMS by PowerCMS Inc.
CVE-2019-6020

6.1MEDIUM

Key Information:

Vendor: Alfasado Inc.
Status: Powercms
Vendor: CVE Published:; 26 December 2019

🔔 Create Alfasado Inc. Vulnerability Alert

What is CVE-2019-6020?

An open redirect vulnerability exists in PowerCMS versions 5.12 and earlier, 4.42 and earlier, and 3.293 and earlier, allowing remote attackers to redirect users to arbitrary websites. This flaw can be exploited through specially crafted URLs, posing significant risks for phishing attacks, where unsuspecting users may be led to malicious sites designed to compromise their data or credentials.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x)

References

https://www.powercms.jp/news/release-powercms-201910.html

x_refsource_MISC

http://jvn.jp/en/jp/JVN34634458/index.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 26, 2019
Vulnerability Reserved
Jan 10, 2019

JSON

Alfasado Inc.