JVN#34634458: PowerCMS vulnerable to open redirect

2019-10-23T00:00:00
ID JVN:34634458
Type jvn
Reporter Japan Vulnerability Notes
Modified 2019-10-23T00:00:00

Description

## Description

PowerCMS provided by Alfasado Inc. contains an open redirect vulnerability (CWE-601).

## Impact

When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.

## Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

## Products Affected

  • PowerCMS 5.12 and earlier (PowerCMS 5.x)
  • PowerCMS 4.42 and earlier (PowerCMS 4.x)
  • PowerCMS 3.293 and earlier (PowerCMS 3.x)