wpexploit | Viktor Markopoulos | WPEX-ID: 56628862-1687-4862-9ED4-145D8DFBCA97
History: Apr 29, 2021 - 12:00 a.m.

AcyMailing < 7.5.0 - Open Redirect

2021-04-29 00:00:00
Viktor Markopoulos

EPSS: 0.001 (Low), Percentile: 49.5%

When subscribing using AcyMailing, the “redirect” parameter isn’t properly sanitized. By turning the request from POST to GET, an attacker can craft a link whose landing page is a potentially malicious site and send it to the victim.

When subscribing to a newsletter with AcyMailing, the browser sends a POST request with various parameters. Converting it to a GET request, with the same parameters in the query string, still completes the subscription. Any configured redirection will not be applied, i.e. the landing page can be set freely through the `redirect` parameter. The email address must, however, be unique for each attempt.

http://example.com/index.php?page=acymailing_front&ctrl=frontusers&noheader=1&user[email][email protected]&ctrl=frontusers&task=subscribe&option=acymailing&redirect=https://example.com&ajax=0&acy_source=widget%202&hiddenlists=1&acyformname=formAcym93841&acysubmode=widget_acym

This request redirects to example.com; the `redirect` value can be changed to any web page.
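As an added example, not code from the advisory or from AcyMailing, the following Python flags AcyMailing subscribe requests in a web server access log whose `redirect` value leaves the site, using the same-origin check a fixed handler should apply before redirecting. The site host and the log lines are assumed and constructed.

```python
from __future__ import annotations
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "example.com"  # assumption: host the WordPress site is served on

# Constructed access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Apr/2021:10:00:00 +0000] "GET /index.php?page=acymailing_front&ctrl=frontusers&task=subscribe&option=acymailing&user[email]=a@example.com&redirect=https://attacker.invalid/landing HTTP/1.1" 302 0
203.0.113.6 - - [29/Apr/2021:10:00:01 +0000] "GET /index.php?page=acymailing_front&ctrl=frontusers&task=subscribe&option=acymailing&user[email]=b@example.com&redirect=/thank-you HTTP/1.1" 302 0
203.0.113.7 - - [29/Apr/2021:10:00:02 +0000] "GET /index.php?page=acymailing_front&ctrl=frontusers&task=subscribe&option=acymailing&redirect=//attacker.invalid/ HTTP/1.1" 302 0
203.0.113.8 - - [29/Apr/2021:10:00:03 +0000] "POST /index.php?page=acymailing_front&ctrl=frontusers&task=subscribe&option=acymailing HTTP/1.1" 302 0
203.0.113.9 - - [29/Apr/2021:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_allowed_redirect(target: str, site_host: str = SITE_HOST) -> bool:
    """Allow only root-relative paths or absolute http(s) URLs on site_host.

    Backslashes are folded to '/' first because browsers do the same, so a
    value such as '/\\host' is treated as the scheme-relative '//host'.
    """
    t = target.strip().replace("\\", "/")
    parts = urlsplit(t)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # non-http schemes are never a legitimate landing page
    if parts.netloc:  # absolute or '//host' form: compare the host part only
        host = parts.netloc.rsplit("@", 1)[-1].split(":")[0].lower()
        return host == site_host  # strict match; subdomains are not trusted
    return t.startswith("/") and not t.startswith("//")


def subscribe_query(target: str) -> dict[str, list[str]] | None:
    """Query dict when 'target' is an AcyMailing front-end subscribe request."""
    q = parse_qs(urlsplit(target).query)
    if q.get("option") == ["acymailing"] and q.get("task") == ["subscribe"]:
        return q
    return None


def flag_open_redirects(log_text: str, site_host: str = SITE_HOST) -> list[tuple[str, str]]:
    """(method, redirect value) for subscribe hits whose redirect leaves the site."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        q = subscribe_query(m["target"]) if m else None
        for r in (q or {}).get("redirect", []):
            if not is_allowed_redirect(r, site_host):
                hits.append((m["method"], r))
    return hits
```

GET hits are the ones worth triaging, since a shareable link is exactly what the POST-to-GET conversion produces.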
