CVE-2023-24735 Scanner
Detects the 'Open Redirect' vulnerability in PMB; affects v. 7.4.6.

Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: URL
Toolbox: -
PMB is an open-source Integrated Library System (ILS) that provides libraries with a suite of tools for managing their physical and digital resources. The software is designed to support multiple types of libraries, including public, academic, and special libraries. PMB’s core functionalities include cataloging, circulation, acquisitions, serials management, and basic reporting. Additionally, PMB offers a web-based OPAC (Online Public Access Catalog) feature, allowing users to search for and locate library resources remotely.
CVE-2023-24735 is a vulnerability detected in PMB version 7.4.6. It arises from a flaw in the /opac_css/pmb.php component, which permits attackers to perform open redirects by manipulating URLs. In practice, an attacker can craft a URL that, when clicked by a victim, redirects the victim to a different website. This is particularly concerning because the attacker can exploit the victim's trust in the legitimate site to launch phishing attacks, direct users to malicious websites, and steal sensitive data.
When exploited, CVE-2023-24735 can have severe consequences for both the library and its users. Attackers who leverage this vulnerability can effectively bypass PMB's security mechanisms, sending users who click crafted links to sites hosting malware or phishing pages. As a result, users may unknowingly hand over login credentials or expose other personally identifiable information to cyber criminals.
At s4e.io, we strive to provide valuable information on current and emerging digital threats. Thanks to our comprehensive security platform, users can stay informed and protect their digital assets from evolving threats. By using our platform, readers can easily and quickly learn about vulnerabilities like CVE-2023-24735 and take the necessary steps to keep their system dependencies secure.