Snowfox CMS 1.0 Open Redirect

`  
Snowfox CMS v1.0 (rd param) Open Redirect Vulnerability  
  
  
Vendor: Globiz Solutions  
Product web page: http://www.snowfoxcms.org  
Affected version: 1.0  
  
Summary: Snowfox is an open source Content Management System (CMS)  
that allows your website users to create and share content based  
on permission configurations.  
  
Desc: Input passed via the 'rd' GET parameter in 'selectlanguage.class.php'  
script is not properly verified before being used to redirect users. This  
can be exploited to redirect a user to an arbitrary website e.g. when a user  
clicks a specially crafted link to the affected script hosted on a trusted  
domain.  
  
===========================================================================  
\modules\system\controller\selectlanguage.class.php:  
----------------------------------------------------  
  
28: if ($results && isset($inputs['rd'])){  
29: header("location: ".$inputs['rd']);  
30: }  
31: return $results;  
  
===========================================================================  
  
Tested on: Apache/2.4.7 (Win32)  
PHP/5.5.6  
MySQL 5.6.14  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2014-5206  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php  
  
  
  
12.11.2014  
  
--  
  
  
http://10.0.18.3/snowfox/?uri=user/select-language&formAction=submit&rd=http://www.zeroscience.mk&languageId=us-en  
`