Open Redirect Vulnerability in b2evolution CMS by b2evolution
CVE-2020-22840

6.1MEDIUM

Key Information:

Vendor

B2evolution

Status
B2evolution
Vendor
CVE Published:
9 February 2021

What is CVE-2020-22840?

An open redirect vulnerability exists in b2evolution CMS prior to version 6.11.6, allowing attackers to manipulate the 'redirect_to' parameter within 'email_passthrough.php'. This flaw facilitates the redirection of unsuspecting users to malicious resources controlled by the attacker, posing significant security risks, including phishing and data theft.

References

https://github.com/b2evolution/b2evolution/issues/102
x_refsource_MISC
http://packetstormsecurity.com/files/161362/b2evolution-C...
x_refsource_MISC
https://www.exploit-db.com/exploits/49554
x_refsource_MISC

EPSS Score

35% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.