S4E

CVE-2017-12138 Scanner

Detects an 'Open Redirect' vulnerability in XOOPS Core affecting v. 2.5.8.

Short Info


Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4
Toolbox: -

XOOPS Core is an open-source content management system that is widely used for building websites and web applications. One of its key features is its flexibility, allowing developers to customize every aspect of their websites with ease. The system is popular among website owners and developers because of its user-friendly interface and powerful tools for managing content.

CVE-2017-12138 is a vulnerability discovered in XOOPS Core 2.5.8. Specifically, it is a stored URL redirect bypass issue that can be exploited through the /modules/profile/index.php file. The vulnerability stems from a flaw in the URL filter, which fails to properly sanitize user-supplied data, and attackers can leverage it to redirect website visitors to malicious pages.

If left unaddressed, this vulnerability can lead to a range of security risks and consequences. For instance, attackers can use the vulnerability to redirect website visitors to phishing pages, distribute malware, and steal sensitive information such as login credentials, financial data, and personal information. As a result, website owners and administrators should take this vulnerability seriously and act promptly to mitigate its risks.

In conclusion, vulnerabilities like CVE-2017-12138 serve as a serious reminder of the importance of website security. Thanks to the pro features of the s4e.io platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets, ensuring that they stay ahead of any potential threats. As website owners and administrators, it is our responsibility to stay vigilant and proactive in protecting our digital assets from cybercriminals and malicious actors.

 
