URL Redirection Vulnerability in UJCMS 9.6.3 Exposes Users to Phishing Attacks
CVE-2024-55452

5.4 MEDIUM

Key Information:

Vendor: Dromara
Status: Vendor
CVE Published: 16 December 2024

What is CVE-2024-55452?

A high-impact URL redirection vulnerability has been identified in UJCMS version 9.6.3, caused by insufficient validation of the URLs supplied when new block and carousel items are uploaded and rendered. An authenticated attacker can set an item's link to an attacker-controlled address, so that unprivileged users who click the item are redirected to an untrusted domain. Because the link is served from a site the user trusts, such users risk disclosing sensitive information, such as JSON Web Tokens and other private data, to the attacker's page. The issue underlines the need for strict validation of user-supplied URLs in web applications.
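The root cause described above is a link field that accepts any URL. The following validator is an added example written for this page, not UJCMS code; it shows the check a CMS should apply before storing or rendering a block or carousel link: accept only site-relative paths or http(s) URLs whose host is on an allowlist, and reject the usual bypasses (protocol-relative `//host`, non-http schemes, userinfo tricks, backslashes and control characters). The allowed host names and the function names are assumptions chosen for the example.

```python
from urllib.parse import urlsplit

# Hosts that block and carousel links may point at (constructed example list,
# not UJCMS configuration).
ALLOWED_HOSTS = {"cms.example.com", "www.example.com"}


def is_safe_link(url, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `url` is a site-relative path or an http(s) URL
    whose host is on the allowlist.  Everything else is rejected."""
    if not isinstance(url, str) or not url:
        return False
    # Control characters and whitespace are stripped by browsers and can be
    # used to smuggle a scheme past naive checks ("java\tscript:").
    if any(ord(c) < 0x21 or c == "\x7f" for c in url):
        return False
    # Browsers treat "\" as "/", so "/\evil.example" becomes protocol-relative.
    if "\\" in url:
        return False
    # Site-relative path: exactly one leading slash.  "//host/..." is
    # protocol-relative and would leave the site.
    if url.startswith("/"):
        return not url.startswith("//")
    try:
        parts = urlsplit(url)
    except ValueError:
        return False  # e.g. malformed IPv6 literal
    # Only http/https; this rejects javascript:, data: and scheme-less
    # strings such as "evil.example/x".
    if parts.scheme.lower() not in ("http", "https"):
        return False
    # "https://www.example.com@evil.example/" puts the trusted name in the
    # userinfo part; the real host is evil.example.  Disallow userinfo outright.
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").lower()
    return host in allowed_hosts


def store_item_link(url):
    """Hypothetical save hook: reject unsafe links instead of storing them.
    Returns the URL that may be rendered, or raises ValueError."""
    if not is_safe_link(url):
        raise ValueError("link target not allowed: %r" % (url,))
    return url


if __name__ == "__main__":
    # Constructed sample inputs an editor might submit for a carousel item.
    samples = [
        "/news/2024/launch",
        "https://www.example.com/page",
        "//evil.example/login",
        "https://evil.example/",
        "javascript:alert(1)",
        "https://www.example.com@evil.example/",
        "/\\evil.example",
    ]
    for s in samples:
        print("%-42s %s" % (s, "accepted" if is_safe_link(s) else "rejected"))
```

The same check should run at render time as well as at upload time, since items stored before the fix was deployed still carry unvalidated links.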

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published