PHP-Fusion Shoutbox Vulnerability Leading to Malicious Redirects
CVE-2020-23182

5.4 MEDIUM

Key Information:

Vendor: PHP-fusion

CVE Published: 2 July 2021

What is CVE-2020-23182?

The Shoutbox component of the PHP-Fusion platform, specifically shoutbox_archive.php, has a vulnerability that allows malicious actors to redirect users to unauthorized and harmful websites. The attacker submits a specially crafted payload through the Shoutbox message panel, which poses significant risks to user security and privacy. Web admins should take immediate action to secure this component to mitigate potential threats.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
